Critical RCE Vulnerabilities Identified in Sophos Firewall and SMA 100 Devices: Urgent Patches Released by Sophos and SonicWall
July 24, 2025
Network Security / Vulnerability
Sophos and SonicWall have issued a warning regarding serious security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances, which could be exploited for remote code execution. The two critical vulnerabilities affecting Sophos Firewall are as follows:
- CVE-2025-6704 (CVSS score: 9.8): An arbitrary file writing vulnerability within the Secure PDF eXchange (SPX) feature that can enable pre-auth remote code execution if specific SPX configurations are used alongside firewall operation in High Availability (HA) mode.
- CVE-2025-7624 (CVSS score: 9.8): An SQL injection vulnerability in the legacy (transparent) SMTP proxy that can result in remote code execution, contingent on an active quarantining policy for Email and if SFOS has been upgraded from a version prior to 21.0 GA.
Sophos reports that CVE-2025-6704 affects approximately 0.05% of devices, while CVE-2025-7624 impacts up to 0.73% of devices. Both vulnerabilities have been addressed in a recent update, along with a high-severity command injection vulnerability.
Network Security / Vulnerability
Sophos and SonicWall Address Critical RCE Vulnerabilities in Firewalls and SMA 100 Devices On July 24, 2025, cybersecurity firms Sophos and SonicWall issued urgent security warnings regarding significant vulnerabilities discovered in the Sophos Firewall and Secure Mobile Access (SMA) 100 Series devices. The flaws present a critical risk, allowing potential…
Critical RCE Vulnerabilities Identified in Sophos Firewall and SMA 100 Devices: Urgent Patches Released by Sophos and SonicWall
July 24, 2025
Network Security / Vulnerability
Sophos and SonicWall have issued a warning regarding serious security flaws in Sophos Firewall and Secure Mobile Access (SMA) 100 Series appliances, which could be exploited for remote code execution. The two critical vulnerabilities affecting Sophos Firewall are as follows:
- CVE-2025-6704 (CVSS score: 9.8): An arbitrary file writing vulnerability within the Secure PDF eXchange (SPX) feature that can enable pre-auth remote code execution if specific SPX configurations are used alongside firewall operation in High Availability (HA) mode.
- CVE-2025-7624 (CVSS score: 9.8): An SQL injection vulnerability in the legacy (transparent) SMTP proxy that can result in remote code execution, contingent on an active quarantining policy for Email and if SFOS has been upgraded from a version prior to 21.0 GA.
Sophos reports that CVE-2025-6704 affects approximately 0.05% of devices, while CVE-2025-7624 impacts up to 0.73% of devices. Both vulnerabilities have been addressed in a recent update, along with a high-severity command injection vulnerability.
