CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-7382

A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.3%

CVSS Severity

CVSS v3 Score 8.8

References

https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

Products affected by CVE-2025-7382

Sophos » Firewall » Version: N/A

cpe:2.3:h:sophos:firewall:-
Sophos » Firewall Firmware » Version: N/A

cpe:2.3:o:sophos:firewall_firmware:-
Sophos » Firewall Firmware » Version: 19.0

cpe:2.3:o:sophos:firewall_firmware:19.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-7382

Products

Pricing

Contact Us