Vendor scorecard
Sophos
Sophos security disclosure record — CVE volume, CVSS severity mix and product-category breakdown, sourced from the NIST NVD.
CPE: sophos
Product families
2
Open in latest
18
Inferred — see methodology
Last disclosure
Jul 21, 2025
01
Product categories
2 trackedCVE volume, severity mix and the inferred latest shipping version per category.
| Category | CVEs | Volume | Severity mix | Open | Inferred latest |
|---|---|---|---|---|---|
| Firewall / SFOSNGFW / Network Securitysfos, firewall, xg_firewall… | 5 | 9 | 19.5.3MED | ||
| Secure Web/Email GatewayNGFW / Network Securityweb_appliance, email_appliance | 5 | 9 | 4.5.3.4LOW |
02
Recent CVEs
12 shownMost recently published, newest first. Each ID links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-7624(opens NVD record) | Critical | 9.8 | An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA. | Jul 21, 2025 |
| CVE-2025-7382(opens NVD record) | High | 8.8 | A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled. | Jul 21, 2025 |
| CVE-2025-6704(opens NVD record) | Critical | 9.8 | An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode. | Jul 21, 2025 |
| CVE-2024-13974(opens NVD record) | High | 8.1 | A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution. | Jul 21, 2025 |
| CVE-2024-13973(opens NVD record) | Medium | 6.8 | A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution. | Jul 21, 2025 |
| CVE-2024-12729(opens NVD record) | High | 8.8 | A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). | Dec 19, 2024 |
| CVE-2024-12728(opens NVD record) | Critical | 9.8 | A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). | Dec 19, 2024 |
| CVE-2024-12727(opens NVD record) | Critical | 9.8 | A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode. | Dec 19, 2024 |
| CVE-2021-36806(opens NVD record) | Medium | 4.7 | A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4. | Nov 30, 2023 |
| CVE-2023-5552(opens NVD record) | High | 7.1 | A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to “Specified by sender”. | Oct 18, 2023 |
| CVE-2023-33336(opens NVD record) | Medium | 4.8 | Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. | Jun 30, 2023 |
| CVE-2023-1671(opens NVD record) | Critical | 9.8 | A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. | Apr 4, 2023 |
10 CVEs · 2 product families