CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-7624

An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 32.1%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce

Products affected by CVE-2025-7624

Sophos » Firewall » Version: N/A

cpe:2.3:h:sophos:firewall:-
Sophos » Firewall Firmware » Version: N/A

cpe:2.3:o:sophos:firewall_firmware:-
Sophos » Firewall Firmware » Version: 19.0

cpe:2.3:o:sophos:firewall_firmware:19.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-7624

Products

Pricing

Contact Us