Vendor scorecard
Sophos
Sophos security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: sophos
Product families
2
Open in latest
18
Inferred — see methodology
Last disclosure
Jul 21, 2025
01
Product categories
2 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Firewall / SFOSNGFW / Network Securitysfos, firewall, xg_firewall… | 0 | 9 | 19.5.3MED | ||
| Secure Web/Email GatewayNGFW / Network Securityweb_appliance, email_appliance | 0 | 9 | 4.5.3.4LOW |
02
Recent CVEs
5 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-7624(opens NVD record) | Critical | 9.8 | An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA. | Jul 21, 2025 |
| CVE-2025-7382(opens NVD record) | High | 8.8 | A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled. | Jul 21, 2025 |
| CVE-2025-6704(opens NVD record) | Critical | 9.8 | An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode. | Jul 21, 2025 |
| CVE-2024-13974(opens NVD record) | High | 8.1 | A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution. | Jul 21, 2025 |
| CVE-2024-13973(opens NVD record) | Medium | 6.8 | A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution. | Jul 21, 2025 |
0 CVEs · 2 product families