Sophos Firewall WebAdmin Post-Authentication SQL Injection Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A post-authentication SQL injection vulnerability has been identified in the WebAdmin interface of Sophos Firewall. It affects versions prior to 21.0 MR1 (21.0.1) and could allow an authenticated administrator to execute arbitrary code on the firewall.

Impact

Exploitation of this vulnerability could lead to unauthorized arbitrary code execution on the affected Sophos Firewall device.

Remediation

Users of Sophos Firewall versions 21.0 GA (21.0.0) and older should upgrade to a version that includes the hotfix for this vulnerability. Instructions for verifying the hotfix application are available on the Sophos support site.

Added: Jul 21, 2025, 2:35 PM
Updated: Jul 21, 2025, 2:35 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 7.5
exploitability: 4.4
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.