【Vulnerability Alert】Two Critical Information Security Vulnerabilities Found in Sophos Intercept X for Windows
publish date :
2025-07-28
update date :
2025-07-28
Source: Ministry of education information & communication security contingency platform
| Publication Number | "TACERT-ANA-2025072209074141 | Publication Time | "2025/07/22 09:04 |
| Incident Type | "ANA-Vulnerability Alert | "Discovery Time | 2025/07/22 09:04 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】Two Critical Information Security Vulnerabilities Found in Sophos Intercept X for Windows | |||
| [Content] Forwarded from TWCERTCC-200-202507-00000013 "Recently, Sophos released a security advisory regarding Intercept X for Windows, disclosing two critical vulnerabilities and publishing patched versions. Users are urged to promptly verify whether their systems have applied the relevant updates. 【CVE-2024-13972, CVSS: 8.8】 This vulnerability exists in the update program of Sophos Intercept X for Windows and is related to registry permission settings. During product upgrades, attackers may obtain system-level privileges through local user access. 【CVE-2025-7433, CVSS: 8.8】 A local privilege escalation vulnerability exists in the device encryption component of Sophos Intercept X for Windows. This vulnerability allows attackers to execute arbitrary code." Information Sharing Level: WHITE (Information content can be publicly disclosed) | |||
| [Affected Platform] "Sophos Intercept X for Windows versions earlier than 2024.3.2 Sophos Intercept X for Windows Central Device Encryption versions earlier than 2025.1" | |||
| [Recommended Actions] "Please follow the vendor’s official patch guidance: https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe" | |||
| [Reference] https://www.twcert.org.tw/tw/cp-169-10276-19d7a-1.html | |||
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer:
Computer Center