Sophos product security update advisory
Overview
We have released security updates to fix vulnerabilities in Sophos products. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-6704, CVE-2025-7382, CVE-2025-7624
Sophos Firewall version: v21.5 GA (21.5.0) and earlier
CVE-2024-13974
Sophos Firewall version: v21.0 GA (21.0.0) and earlier
Resolved Vulnerabilities
Command injection vulnerabilities in Sophos Firewall (CVE-2025-6704, CVE-2025-7382, CVE-2024-13974)
SQL injection vulnerability in Sophos Firewall (CVE-2025-7624)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the site listed under References to update to the latest patched version.
CVE-2025-6704, CVE-2025-7382, CVE-2025-7624
Sophos Firewall version: v21.0 MR2 or later
CVE-2024-13974
Sophos Firewall version: v21.0 MR1 and later
References
[1] Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, CVE-2024-13973)
https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce