【Vulnerability Alert】Three Critical Information Security Vulnerabilities Found in Sophos Firewall System
Publish date: 2025-07-28
Update date: 2025-07-28
Source: Ministry of Education Information & Communication Security Contingency Platform
Publication Number: TACERT-ANA-2025072203073434
Publication Time: 2025/07/22 15:02
Incident Type: ANA-Vulnerability Alert
Discovery Time: 2025/07/22 15:02
Impact Level: Low

[Subject]
【Vulnerability Alert】Three Critical Information Security Vulnerabilities Found in Sophos Firewall System

[Content]
Forwarded from TWCERTCC-200-202507-00000021. Sophos has released a security advisory for its firewall products, disclosing three critical vulnerabilities and publishing patched versions. Users are urged to verify as soon as possible whether their systems have applied the relevant updates.

【CVE-2025-6704, CVSS: 9.8】 The Secure PDF eXchange (SPX) feature has an arbitrary file write vulnerability. If a specific SPX configuration is enabled and the firewall is in High Availability (HA) mode, it may lead to pre-authenticated remote code execution.

【CVE-2025-7624, CVSS: 9.8】 A SQL injection vulnerability exists in the legacy (transparent) SMTP proxy. If the email quarantine policy is enabled and the system was upgraded from a version earlier than 21.0 GA, it may result in remote code execution.

【CVE-2025-7382, CVSS: 8.8】 WebAdmin has a command injection vulnerability. If the administrator has enabled OTP authentication, an adjacent attacker may be able to perform pre-authenticated code execution on the HA secondary device.

Information Sharing Level: WHITE (information content can be publicly disclosed)

[Affected Platform]
Sophos Firewall version 21.5 GA and earlier

[Recommended Actions]
Please follow the official patch guidance provided on the vendor's website: https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

[Reference]
https://www.twcert.org.tw/tw/cp-169-10280-e36be-1.html
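The advisory ties each CVE to a version range plus specific feature preconditions (SPX with HA, quarantine after an upgrade from before 21.0 GA, OTP on an HA pair). The following is an added triage helper, not code from TACERT, TWCERT or Sophos, that maps those stated conditions onto an asset-inventory record so a defender can see which devices still need attention. The version-string format ("21.5 GA", "21.0 MR1"), the record field names and the constructed inventory entries are all assumptions; the affected range and preconditions are taken from the advisory text above.

```python
"""Triage helper for the Sophos Firewall advisory (CVE-2025-6704,
CVE-2025-7624, CVE-2025-7382). Added example; the inventory record
format and field names are hypothetical, not a Sophos or TACERT interface."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumed version-string format: "<major>.<minor> GA" or "<major>.<minor> MR<n>".
# A bare "<major>.<minor>" is treated as GA.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\s*(GA|MR(\d+))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, release) with GA -> 0 and MRn -> n, so that
    tuples compare in release order. Raises ValueError on unknown input."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised Sophos Firewall version: {text!r}")
    major, minor = int(m.group(1)), int(m.group(2))
    release = int(m.group(4)) if m.group(4) else 0
    return (major, minor, release)


# Per the advisory: version 21.5 GA and earlier are in the affected range.
LAST_AFFECTED = parse_version("21.5 GA")
UPGRADE_BOUNDARY = parse_version("21.0 GA")  # CVE-2025-7624 precondition


@dataclass
class FirewallRecord:
    """Constructed inventory record; every field name is hypothetical."""
    name: str
    version: str
    patched: bool                           # vendor update applied per advisory
    spx_enabled: bool                       # Secure PDF eXchange in use
    ha_mode: bool                           # running as a High Availability pair
    quarantine_enabled: bool                # email quarantine policy enabled
    first_installed_version: Optional[str]  # originally installed version, if known
    otp_enabled: bool                       # admin OTP authentication on WebAdmin


def in_affected_range(version: str) -> bool:
    """True when the version is 21.5 GA or earlier."""
    return parse_version(version) <= LAST_AFFECTED


def exposed_cves(rec: FirewallRecord) -> List[str]:
    """List the advisory's CVEs whose stated preconditions hold for one device.
    A patched device or one outside the version range gets an empty list.
    Unknown install history is treated as 'upgraded from before 21.0 GA'
    (conservative: it keeps the device on the follow-up list)."""
    if rec.patched or not in_affected_range(rec.version):
        return []
    found: List[str] = []
    # SPX arbitrary file write: needs SPX configured and HA mode.
    if rec.spx_enabled and rec.ha_mode:
        found.append("CVE-2025-6704")
    # Legacy SMTP proxy SQL injection: quarantine policy + upgraded from < 21.0 GA.
    upgraded_from_pre_21 = (rec.first_installed_version is None
                            or parse_version(rec.first_installed_version) < UPGRADE_BOUNDARY)
    if rec.quarantine_enabled and upgraded_from_pre_21:
        found.append("CVE-2025-7624")
    # WebAdmin command injection: OTP enabled; the advisory names the HA secondary
    # as the affected device, so an HA pair is required.
    if rec.otp_enabled and rec.ha_mode:
        found.append("CVE-2025-7382")
    return found


def triage(records: List[FirewallRecord]) -> Dict[str, List[str]]:
    """Device name -> CVEs still applicable; devices with none are omitted."""
    result = {r.name: exposed_cves(r) for r in records}
    return {name: cves for name, cves in result.items() if cves}


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    FirewallRecord("fw-edge-a", "21.0 MR1", False, True, True, True, "19.5 GA", True),
    FirewallRecord("fw-branch", "21.5 GA", False, False, False, True, "21.0 GA", True),
    FirewallRecord("fw-lab", "20.0 MR3", True, True, True, True, None, True),
    FirewallRecord("fw-new", "22.0 GA", False, True, True, True, None, True),
]

if __name__ == "__main__":
    for name, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: follow up on {', '.join(cves)}")
```

Running the block prints only the devices that still match at least one precondition; `fw-branch` stays off the list for CVE-2025-7624 because it was installed at 21.0 GA, and `fw-lab` drops out entirely because the vendor update is recorded as applied.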
(This notification is for informational purposes only and does not constitute a cybersecurity incident.)
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of Education Information & Communication Security Contingency Platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center