How many vulnerabilities affect Sophos?

There are currently 163 known vulnerabilities (CVEs) affecting Sophos tracked in the Strobes VI database.

Are there exploits available for Sophos vulnerabilities?

Some vulnerabilities affecting Sophos have known public exploits. Check individual CVE pages for exploit details and mitigation guidance.

How should I prioritize Sophos vulnerabilities?

Prioritize based on Strobes Priority Score, which combines CVSS severity, EPSS exploitation probability, exploit availability, and patch status. Focus first on vulnerabilities with high Priority Scores and available exploits.

Sophos Vulnerabilities

Known vulnerabilities affecting Sophos products and systems

Total: 163 vulnerabilitiesPage 1

CVE ID	Description	CVSS	Priority	Trend	Exploit	Patch
CVE-2025-7624	An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for...	9.8	717	Neutral	No	Yes
CVE-2025-7382	A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxili...	8.8	714	Neutral	No	Yes
CVE-2025-6704	An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific conf...	9.8	751	Neutral	No	Yes
CVE-2024-13974	A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code ...	8.1	482	Neutral	No	Yes
CVE-2024-13973	A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.	7.2	442	Neutral	No	Yes
CVE-2024-13861	A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems usi...	7.8	594	Neutral	No	Yes
CVE-2024-12729	A post-auth SQLi vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).	8.8	708	Neutral	No	Yes
CVE-2024-12728	A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).	9.8	588	Neutral	No	Yes
CVE-2024-12727	A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code exec...	9.8	717	Neutral	No	Yes
CVE-2023-5552	A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the pass...	7.5	514	Neutral	No	Yes
CVE-2023-33336	Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.	4.8	210	Neutral	No	No
CVE-2023-33335	Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed.	6.1	280	Neutral	No	No
CVE-2023-1671	A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.	9.8	853	Low	Yes	Yes
CVE-2022-4934	A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.	7.2	477	Neutral	No	Yes
CVE-2022-4901	Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the vict...	6.1	272	Neutral	No	Yes
CVE-2022-48310	An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.	5.5	125	Neutral	No	Yes
CVE-2022-48309	A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.	4.3	163	Neutral	No	Yes
CVE-2022-3980	An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.	9.8	819	Neutral	Yes	Yes
CVE-2022-3713	A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall older than version 19.5 GA.	8.8	714	Neutral	No	Yes
CVE-2022-3711	A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall older than version 19.5 GA.	4.3	228	Neutral	No	Yes

Showing 1 - 20 of 163

CVE ID	Description	CVSS	Priority	Trend	Exploit	Patch

CVE ID

Description

CVSS

Priority

Trend

Exploit

Patch

CVE-2025-7624

An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for...

9.8

717

Neutral

Yes

CVE-2025-7382

A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxili...

8.8

714

Neutral

Yes

CVE-2025-6704

An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific conf...

9.8

751

Neutral

Yes

CVE-2024-13974

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code ...

8.1

482

Neutral

Yes

CVE-2024-13973

A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.

7.2

442

Neutral

Yes

CVE-2024-13861

A code injection vulnerability in the Debian package component of Taegis Endpoint Agent (Linux) versions older than 1.3.10 allows local users arbitrary code execution as root. Redhat-based systems usi...

7.8

594

Neutral

Yes

CVE-2024-12729

A post-auth SQLi vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).

8.8

708

Neutral

Yes

CVE-2024-12728

A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3).

9.8

588

Neutral

Yes

CVE-2024-12727

A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code exec...

9.8

717

Neutral

Yes

CVE-2023-5552

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the pass...

7.5

514

Neutral

Yes

CVE-2023-33336

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes.

4.8

210

Neutral

CVE-2023-33335

Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed.

6.1

280

Neutral

CVE-2023-1671

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code.

9.8

853

Low

Yes

CVE-2022-4934

A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code.

7.2

477

Neutral

Yes

CVE-2022-4901

Multiple stored XSS vulnerabilities in Sophos Connect versions older than 2.2.90 allow Javascript code to run in the local UI via a malicious VPN configuration that must be manually loaded by the vict...

6.1

272

Neutral

Yes

CVE-2022-48310

An information disclosure vulnerability allows sensitive key material to be included in technical support archives in Sophos Connect versions older than 2.2.90.

5.5

125

Neutral

Yes

CVE-2022-48309

A CSRF vulnerability allows malicious websites to retrieve logs and technical support archives in Sophos Connect versions older than 2.2.90.

4.3

163

Neutral

Yes

CVE-2022-3980

An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4.

9.8

819

Neutral

Yes

CVE-2022-3713

A code injection vulnerability allows adjacent attackers to execute code in the Wifi controller of Sophos Firewall older than version 19.5 GA.

8.8

714

Neutral

Yes

CVE-2022-3711

A post-auth read-only SQL injection vulnerability allows users to read non-sensitive configuration database contents in the User Portal of Sophos Firewall older than version 19.5 GA.

4.3

228

Neutral

Yes

Sophos Vulnerabilities

Ready for Agentic Automated Testing?

Sophos Vulnerabilities