AI description
CVE-2025-7624 is an SQL injection vulnerability found in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2). If exploited, this vulnerability can lead to remote code execution. The vulnerability can be exploited if a quarantining policy is active for Email and the Sophos Firewall was upgraded from a version older than 21.0 GA. It potentially impacts a small percentage of devices.
- Description
- An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA.
- Source
- security-alert@sophos.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security-alert@sophos.com
- CWE-89
- Hype score
- Not currently trending
Warning: Critical vulnerabilities in @Sophos #Firewall! CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974 CVSS 8.1, CVE-2024-13973 with highest CVSS 9.8. These flaws allow remote code execution! Update and secure your systems NOW! https://t.co/J4yeQ0AEP2 #RCE #Patch
@CCBalert
26 Jul 2025
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 ثغرات حرجة في @Sophos و @SonicWall تتيح تنفيذ أوامر عن بُعد بدون مصادقة تم إصدار تحديثات أمنية لمعالجة الثغرات التالية: 🔹 Sophos: - CVE-2025-6704 (9.8) - CVE-2025-7624 (9.8) - CVE-2025
@cyberscastx
25 Jul 2025
877 Impressions
0 Retweets
5 Likes
1 Bookmark
2 Replies
0 Quotes
🚨Alert🚨 :Multiple Vulnerabilities in Sophos Firewall CVE-2025-6704:An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature CVE-2025-7624:An SQL injection vulnerability in the legacy (transparent) SMTP proxy CVE-2025-7382:A command injection https://
@HunterMapping
25 Jul 2025
2565 Impressions
17 Retweets
34 Likes
11 Bookmarks
1 Reply
1 Quote
SophosとSonicWallのファイアウォールに重大なRCE脆弱性(CVE-2025-6704、CVE-2025-7624) https://t.co/QN0cDLxXfz #Security #セキュリティ #ニュース
@SecureShield_
25 Jul 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SophosとSonicWallは、それぞれの製品に重大なセキュリティ脆弱性があることを警告した。 Sophos Firewallでは、CVE-2025-6704とCVE-2025-7624(CVSSスコア9.8)を含む複数の脆弱性が修正された。
@yousukezan
24 Jul 2025
569 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
Sophos Firewall and SonicWall SMA 100 Series have critical vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-40599) enabling remote code execution. Although affecting a small percentage, immediate patches are advised. #SecurityUpdate #Firewalls https://t.co/MdFIZD93IL
@TweetThreatNews
24 Jul 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Sophos fixed two critical Sophos Firewall vulnerabilities Sophos has patched five vulnerabilities in its Firewall product, including two critical flaws—CVE-2025-6704 and CVE-2025-7624 (CVSS 9.8)—that enable pre-auth remote code execution via the SPX feature and legacy SMTP h
@dCypherIO
24 Jul 2025
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Sophosのファイアウォールに重大な脆弱性-既に修正済み(CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, CVE-2024-13973) #セキュリティ対策Lab #セキュリティ #Security https://t.co/2dK1mTiAZf
@securityLab_jp
24 Jul 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en Sophos Firewall ❗CVE-2025-6704 ❗CVE-2025-7624 ❗CVE-2025-7382 ➡️Más info: https://t.co/0HyyI2iRS9 https://t.co/OAss4bgdlw
@CERTpy
23 Jul 2025
146 Impressions
1 Retweet
2 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ تحذير أمني Sophos Firewall 🔴 الثغرات: CVE-2025-6704 CVE-2025-7624 CVE-2024-13973 🔴 الخطر: - تنفيذ هجمات SQL Injection. - تحميل وتنفيذ ملفات خبيثة. - رفع الصلاحيات والسيطرة الكامل
@BasharALYAsser1
22 Jul 2025
65 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2025-6704、CVE-2025-7624 Sophos Firewall Emergency Update: Two Critical RCE Vulnerabilities Patched 🎯29k+Results are found on the https://t.co/pb16tGYaKe nearly year 🔗FOFA Link:https://t.co/FGG6AHd3Tz FOFA Query:app="SOPHOS-Firewall" 🔖Refer:https://t.co
@fofabot
22 Jul 2025
1664 Impressions
10 Retweets
24 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨🚨Two Critical RCE Flaws in Sophos Firewall CVE-2025-6704: Pre-auth RCE via SPX + HA mode. Arbitrary file writing in SPX allows RCE! CVE-2025-7624: SQL injection in legacy SMTP proxy. Upgraded from older versions with email quarantine? RCE risk! ZoomEye Dork👉app="Soph
@zoomeye_team
22 Jul 2025
1348 Impressions
7 Retweets
16 Likes
6 Bookmarks
0 Replies
0 Quotes
🚨🚨Two Critical RCE Flaws in Sophos Firewall CVE-2025-6704: Pre-auth RCE via SPX + HA mode. Arbitrary file writing in SPX allows RCE! CVE-2025-7624: SQL injection in legacy SMTP proxy. Upgraded from older versions with email quarantine? RCE risk! ZoomEye Dork👉app="Soph
@zoomeye_team
22 Jul 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes