Critical Sophos Firewall Flaws Allow Pre-Auth RCE
gbhackersSophos has disclosed multiple critical security vulnerabilities affecting its Firewall products, with the most severe flaws enabling pre-authentication remote code execution that could allow attackers to completely compromise affected systems.
The cybersecurity company released hotfixes for five independent vulnerabilities, two of which carry critical severity ratings and pose significant risks to enterprise networks worldwide.
Severe Pre-Authentication Vulnerabilities Discovered
The most concerning vulnerability, tracked as CVE-2025-6704, represents an arbitrary file writing flaw in the Secure PDF eXchange (SPX) feature that can lead to pre-authentication remote code execution.
| CVE ID | Severity | Description | Affected Versions |
| CVE-2025-6704 | Critical | Arbitrary file writing in SPX feature leading to pre-auth RCE | v21.5 GA and older |
| CVE-2025-7624 | Critical | SQL injection in legacy SMTP proxy leading to RCE | v21.5 GA and older |
| CVE-2025-7382 | High | Command injection in WebAdmin enabling pre-auth RCE on HA devices | v21.5 GA and older |
| CVE-2024-13974 | High | Business logic flaw in Up2Date component ... |
Copyright of this story solely belongs to gbhackers . To see the full text click HERE