Three critical vulnerabilities in the Sophos Intercept X for Windows product family could allow local attackers to achieve arbitrary code execution with system-level privileges. Identified as CVE-2024-13972, CVE-2025-7433, and CVE-2025-7472, the flaws span registry permission misconfigurations, a weakness in the Device Encryption component, and an issue in the Windows installer running under the SYSTEM account. All three defects carry a High severity rating, enable local privilege escalation, and affect versions of Intercept X for Windows before the latest patches released on July 17, 2025.

The registry ACL vulnerability CVE-2024-13972 impacts all Intercept X for Windows installations prior to version 2024.3.2, as well as Fixed Term Support (FTS) 2024.3.2.23.2 and Long Term Support (LTS) 2025.0.1.1.2 releases. Lastly, CVE-2025-7472 targets the installer for Intercept X for Windows. When the installer runs under the SYSTEM context, common in enterprise deployments, a local actor can exploit improper file permissions to replace or manipulate installer files and gain system-level code execution.

Intercept X for Windows 2024.3.2 and the matched FTS/LTS branch versions include the CVE-2024-13972 registry fix. Device Encryption 2025.1 and its FTS/LTS counterparts resolve CVE-2025-7433, while installer version 1.22, published March 6, 2025, remediates CVE-2025-7472. Organizations deploying Sophos Intercept X Endpoint or Intercept X for Server must apply updates immediately or risk unauthorized elevation of privilege and potential complete system compromise.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 18 Jul 2025 13:25:13 +0000