Vendor scorecard
Sophos
Sophos security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: sophos
Product families
2
Open in latest
18
Inferred — see methodology
Last disclosure
Jul 21, 2025
01
Product categories
2 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Firewall / SFOSNGFW / Network Securitysfos, firewall, xg_firewall… | 0 | 9 | 19.5.3MED | ||
| Secure Web/Email GatewayNGFW / Network Securityweb_appliance, email_appliance | 0 | 9 | 4.5.3.4LOW |
02
Recent CVEs
8 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-7624(opens NVD record) | Critical | 9.8 | An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA. | Jul 21, 2025 |
| CVE-2025-7382(opens NVD record) | High | 8.8 | A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled. | Jul 21, 2025 |
| CVE-2025-6704(opens NVD record) | Critical | 9.8 | An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode. | Jul 21, 2025 |
| CVE-2024-13974(opens NVD record) | High | 8.1 | A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution. | Jul 21, 2025 |
| CVE-2024-13973(opens NVD record) | Medium | 6.8 | A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution. | Jul 21, 2025 |
| CVE-2024-12729(opens NVD record) | High | 8.8 | A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). | Dec 19, 2024 |
| CVE-2024-12728(opens NVD record) | Critical | 9.8 | A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). | Dec 19, 2024 |
| CVE-2024-12727(opens NVD record) | Critical | 9.8 | A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode. | Dec 19, 2024 |
0 CVEs · 2 product families