Total
                    3 CVE
                
            | CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | 
|---|---|---|---|---|---|
| CVE-2025-6704 | 1 Sophos | 2 Firewall, Firewall Firmware | 2025-08-18 | N/A | 9.8 CRITICAL | 
| An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode. | |||||
| CVE-2021-25268 | 1 Sophos | 2 Firewall, Firewall Firmware | 2024-11-21 | 6.0 MEDIUM | 8.4 HIGH | 
| Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. | |||||
| CVE-2021-25267 | 1 Sophos | 2 Firewall, Firewall Firmware | 2024-11-21 | 8.5 HIGH | 6.8 MEDIUM | 
| Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. | |||||
