Vulnerability Details CVE-2025-6704
An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.8%
CVSS Severity
CVSS v3 Score 9.8
Products affected by CVE-2025-6704
-
cpe:2.3:h:sophos:firewall:-
-
cpe:2.3:o:sophos:firewall_firmware:-
-
cpe:2.3:o:sophos:firewall_firmware:19.0