Sophos Firewall SQL Injection Vulnerability in SMTP Proxy Leading to Remote Code Execution

Vulnerability

A SQL injection vulnerability has been identified in the legacy (transparent) SMTP proxy of Sophos Firewall. It affects versions prior to 21.0 MR2 (21.0.2) and can lead to remote code execution. The issue arises only when an email quarantining policy is active and the firewall has been upgraded from a version earlier than 21.0 GA.

Impact

Exploitation of this vulnerability can result in remote code execution on the affected Sophos Firewall device.

Remediation

Users of Sophos Firewall versions 21.0 MR1-2 (21.0.1.277) and 21.5 GA (21.5.0.171) can apply the hotfix for this vulnerability. Instructions for verifying the hotfix can be found on the Sophos support website.
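The advisory above gives three things a fleet owner has to combine by hand: the affected version range, the two triggering preconditions, and the two builds that can take the hotfix instead of a full upgrade. The following Python is an added example, not Sophos code or tooling, that turns those statements into a triage pass over an inventory of firewalls. The record field names (`host`, `version`, `quarantine_active`, `previous_version`) and the sample inventory are constructed; "21.0 GA" is assumed to compare as 21.0.0. Because the hotfix list includes 21.5 GA (21.5.0.171), which lies above the stated "prior to 21.0 MR2" range, the example treats any listed build as needing the hotfix rather than assuming it is clean. Unknown configuration state is carried through as "unknown" so a host is never marked safe on missing data.

```python
"""Added example (not Sophos code): triage firewall inventory records against the
conditions stated in the advisory. Record field names are assumptions."""
from typing import Optional

FIXED_IN = "21.0.2"                              # 21.0 MR2, first fixed release
GA_21_0 = "21.0.0"                               # assumption: "21.0 GA" compares as 21.0.0
HOTFIX_BUILDS = {"21.0.1.277", "21.5.0.171"}     # builds the advisory lists a hotfix for
VERSION_WIDTH = 4


def parse_version(text: str) -> tuple:
    """'21.0.1.277' -> (21, 0, 1, 277); shorter strings are zero-padded so
    '21.0.2' compares as (21, 0, 2, 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= VERSION_WIDTH:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (VERSION_WIDTH - len(parts)))


def is_affected(version: str) -> bool:
    """Below 21.0 MR2, or a build the advisory explicitly ships a hotfix for
    (21.5 GA is listed although it is above the stated range; treat it as
    needing action rather than assuming it is clean)."""
    return parse_version(version) < parse_version(FIXED_IN) or version in HOTFIX_BUILDS


def _all3(*flags: Optional[bool]) -> Optional[bool]:
    """Three-valued AND: any False -> False, else any unknown -> None, else True."""
    if any(f is False for f in flags):
        return False
    if any(f is None for f in flags):
        return None
    return True


def preconditions_met(quarantine_active: Optional[bool],
                      previous_version: Optional[str]) -> Optional[bool]:
    """The advisory's two triggering conditions; None means 'unknown'."""
    upgraded_from_pre_ga = None
    if previous_version is not None:
        upgraded_from_pre_ga = parse_version(previous_version) < parse_version(GA_21_0)
    return _all3(quarantine_active, upgraded_from_pre_ga)


def triage(record: dict) -> dict:
    """Classify one inventory record: affected?, preconditions?, hotfix?, what to do."""
    version = record["version"]
    affected = is_affected(version)
    pre = preconditions_met(record.get("quarantine_active"), record.get("previous_version"))
    hotfix = version in HOTFIX_BUILDS
    if not affected:
        priority, action = "none", "no action: at or above 21.0 MR2"
    else:
        # Unknown preconditions are treated like met ones: missing data is not evidence of safety.
        priority = "low" if pre is False else "high"
        action = "apply hotfix" if hotfix else "upgrade to 21.0 MR2 (21.0.2) or later"
    return {"host": record.get("host"), "affected": affected, "preconditions": pre,
            "hotfix_available": hotfix, "priority": priority, "action": action}


# Constructed sample inventory (hostnames, builds and config state are made up).
SAMPLE_INVENTORY = [
    {"host": "fw-edge-01", "version": "21.0.1.277", "quarantine_active": True, "previous_version": "20.0.2.378"},
    {"host": "fw-edge-02", "version": "21.0.2", "quarantine_active": True, "previous_version": "21.0.1.277"},
    {"host": "fw-branch-07", "version": "21.5.0.171"},  # configuration state unknown
    {"host": "fw-lab-01", "version": "21.0.1.277", "quarantine_active": False, "previous_version": "19.5.3.652"},
    {"host": "fw-old-03", "version": "20.0.0.294", "quarantine_active": True, "previous_version": "19.0.0"},
]


def triage_all(inventory=SAMPLE_INVENTORY) -> list:
    return [triage(r) for r in inventory]


if __name__ == "__main__":
    for r in triage_all():
        print(f"{r['host']:<13} affected={r['affected']!s:<5} preconditions={r['preconditions']!s:<5} "
              f"priority={r['priority']:<4} {r['action']}")
```

Feed it whatever your asset inventory exports (one dict per firewall); a host whose quarantine setting or upgrade history is not recorded comes out as `preconditions=None` and stays at high priority until someone confirms the state on the device.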

Added: Jul 21, 2025, 2:20 PM
Updated: Jul 21, 2025, 2:20 PM

Vulnerability Rating

Custom Algorithm

spread          0.3
impact          7.5
exploitability  7.0
remediation     7.7
relevance       0.3
threat          0.0
urgency         2.9
incentive       5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.