CyberSecurityBoard
Sponsor Register Login

Critical Sophos Firewall Vulnerabilities Enables pre-auth Remote Code Execution

Multiple security vulnerabilities affecting Sophos firewall products, with two enabling pre-authentication remote code execution that could allow attackers to compromise systems without valid credentials. Users running supported versions including 19.0 MR2, 20.0 MR2/MR3, and 21.0 GA variants should verify hotfix application through Sophos support documentation to ensure comprehensive protection against these critical security flaws. The vulnerabilities, tracked as CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, and CVE-2024-13973, impact various configurations of Sophos Firewall versions 21.5 GA and older, with automatic hotfixes already deployed to address the most severe flaws. The CVE-2024-13974 vulnerability exploits business logic flaws in the Up2Date component, allowing attackers to control the firewall’s DNS environment and achieve remote code execution. Five serious flaws in Sophos Firewall, including pre-auth remote code execution, have been patched. This high-severity issue was discovered and disclosed by the UK’s National Cyber Security Centre (NCSC). The vulnerability demonstrates how legacy components can introduce significant security risks in modern network infrastructure. Security researchers discovered this flaw through Sophos’s bug bounty program and responsibly disclosed it to the company.

This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 22 Jul 2025 13:10:08 +0000


Cyber News related to Critical Sophos Firewall Vulnerabilities Enables pre-auth Remote Code Execution

Top 10 Best Linux Firewalls - 2025 - It protects computers/networks via secure programming.1. Old PCs only boot from CDROM, while network boot requires a net card with a boot ROM.2. Its web interface is very user-friendly and makes usage easy.2. User-created rules take longer to ...
4 months ago Cybersecuritynews.com
What Is a Host-Based Firewall? Definition & When to Use - Organizations often use host-based firewalls when specific network applications or services require open communication channels that aren't allowed under default firewall settings. To install a host-based firewall across all endpoints, choose your ...
1 year ago Esecurityplanet.com
What Is a Firewall Policy? Ultimate Guide - A firewall policy is a set of rules and standards designed to control network traffic between an organization's internal network and the internet. There are key components to consider, main types of firewall policies and firewall configurations to be ...
1 year ago Esecurityplanet.com
Critical Sophos Firewall Vulnerabilities Enables pre-auth Remote Code Execution - Multiple security vulnerabilities affecting Sophos firewall products, with two enabling pre-authentication remote code execution that could allow attackers to compromise systems without valid credentials. Users running supported versions including ...
2 days ago Cybersecuritynews.com CVE-2025-6704
9 Best Next-Generation Firewall Solutions for 2023 - Next-generation firewalls are network security solutions that go beyond the traditional port/protocol inspection by incorporating application-level inspection, intrusion prevention, and external threat intelligence. As the third generation in ...
1 year ago Esecurityplanet.com
Top 12 Firewall Best Practices to Optimize Network Security - The consistent implementation of firewall best practices establish a strong defense against cyber attacks to secure sensitive data, protect the integrity and continuity of business activities, and ensure network security measures function optimally. ...
1 year ago Esecurityplanet.com
Top Ten FirewallasaService Companies - Firewall as a Service (FWaaS) is a way of providing firewall functionality in the cloud, rather than on the traditional network perimeter. This is beneficial for businesses that have migrated their data and applications to the cloud, as it allows ...
2 years ago Cybersecuritynews.com
What Are Firewall Rules? Ultimate Guide - Firewall rules are preconfigured, logical computing controls that give a firewall instructions for permitting and blocking network traffic. Network admins must configure firewall rules that protect their data and applications from threat actors. ...
1 year ago Esecurityplanet.com
Easy Firewall Implementation & Configuration for Small and Medium Businesses - Here at Cisco, we've developed industry-leading firewalls designed specifically for the needs of SMBs. Our Secure Firewalls for small businesses help simplify security, with streamlined implementation at a price point that is affordable. Once you ...
1 year ago Feedpress.me
3 Essential Firewall Attributes to Secure Today's Network - Every modern network needs to be kept secure, and an equally secure firewall is the foundation of achieving this security. Firewalls are the first line of defense against threats from outside and from within a network. A firewall can be an appliance, ...
2 years ago Csoonline.com
Sophos Patches EOL Firewalls Against Exploited Vulnerability - UK-based cybersecurity firm Sophos this week announced patches for an exploited vulnerability in Firewall versions that have reached End-of-Life. The critical-severity flaw, tracked as CVE-2022-3236, was found to impact versions 19.0 MR1 and older of ...
1 year ago Securityweek.com CVE-2022-3236
What is Firewall as a Service? - A firewall serves as a barrier to unapproved network traffic. A firewall creates a remotely delivered cybersecurity solution licensed on a subscription basis as a Service or FWaaS. Companies can streamline their IT infrastructure using Perimeter81 ...
1 year ago Cybersecuritynews.com
Secure Workload and Secure Firewall: The recipe for a robust zero trust cybersecurity strategy - You hear a lot about zero trust microsegmentation these days and rightly so. While a host-based enforcement approach is immensely powerful because it provides access to rich telemetry in terms of processes, packages, and CVEs running on the ...
1 year ago Feedpress.me
Sophos backports RCE fix after attacks on unsupported firewalls - Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life firewall firmware versions after discovering hackers actively exploiting the flaw in attacks. The flaw is a code injection problem in the User Portal and Webadmin of ...
1 year ago Bleepingcomputer.com CVE-2022-3236
Enhancing firewall management with automation tools - Help Net Security - In this Help Net Security interview, Raymond Brancato, CEO at Tufin, discusses the considerations organizations must weigh when selecting a next-generation firewall to effectively balance security needs with network performance. Firewall rule ...
9 months ago Helpnetsecurity.com
Help Firewall Admins With Cisco AI Assistant for Security - At its core, a firewall is a shield that protects your network from malicious traffic. But those who work with firewalls every day know the reality: An average firewall has thousands of rules governing how traffic should be handled, many of which may ...
1 year ago Feedpress.me
What Is a Next-Generation Firewall? - A next generation firewall performs deep packet inspection to check the contents of the data flowing through the firewall. Unlike more basic firewalls that only check the header of data packets, NGFWs examine and evaluate the payload data within the ...
1 year ago Esecurityplanet.com
CISA warns of actively exploited Windows, Sophos, and Oracle bugs - The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle. The KEV catalog ...
1 year ago Bleepingcomputer.com CVE-2023-36584 CVE-2023-1671 LockBit
Fraudsters Successfully Inserted Cryptocurrency Programs into Apple and Google's App Stores - Scammers were able to get two malicious apps onto the app stores of both Google and Apple, allowing them to trick users into investing in fake cryptocurrency. According to a report from Sophos, the apps, Ace Pro and MBM BitScan, were found on both ...
2 years ago Therecord.media
How ransomware gangs are engaging - As ransomware gangs continue to market themselves as legitimate businesses complete with customer service representatives, new research from Sophos showed that threat actors are expanding public relations efforts to further pressure victims into ...
1 year ago Techtarget.com LockBit Snatch
20 Best Endpoint Management Tools - 2025 - What is Good?What Could Be Better?Comprehensive endpoint security against many threats.The user interface may overwhelm some users.Machine learning for real-time threat detection.Integration with existing systems may be complex.A central management ...
3 months ago Cybersecuritynews.com
Juniper warns of critical RCE bug in its firewalls and switches - Juniper Networks has released security updates to fix a critical pre-auth remote code execution vulnerability in its SRX Series firewalls and EX Series switches. Found in the devices' J-Web configuration interfaces and tracked as CVE-2024-21591, this ...
1 year ago Bleepingcomputer.com CVE-2024-21591 CVE-2023-36844 CVE-2023-36845 CVE-2023-36846 CVE-2023-36847
Cybercriminals Hesitant About Using Generative AI - Cybercriminals are so far reluctant to use generative AI to launch attacks, according to new research by Sophos. Examining four prominent dark-web forums for discussions related to large language models, the firm found that threat actors showed ...
1 year ago Infosecurity-magazine.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
EOL Sophos firewalls get hotfix for old but still exploited vulnerability - Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. CVE-2022-3236 is a code ...
1 year ago Helpnetsecurity.com CVE-2022-3236

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)