Sophos CVEs July 2025: Immediate updates for Firewall and Intercept X recommended

In July 2025, Sophos has fixed several critical vulnerabilities in Sophos Firewall (SFOS) and Intercept X for Endpoint and Server. The vulnerabilities, including remote code execution (RCE) and privilege escalation, were closed by hotfixes and updates. Systems with automatic hotfix installation enabled are already secured. Users with Fixed Term Support (FTS) or Long Term Support (LTS) must update their systems manually to ensure full protection.

Affected Sophos products and CVEs

Sophos Firewall (SFOS)

* CVE-2025-6704: SPX file write with RCE potential (critical)
* CVE-2025-7624: SQL injection in transparent SMTP proxy (critical)
* CVE-2025-7382: Command injection in WebAdmin (high)
* CVE-2024-13974: Business logic vulnerability in Up2Date (high)
* CVE-2024-13973: SQL injection after authentication in WebAdmin (medium)

Sophos Intercept X for Endpoint & Server

* CVE-2024-13972: Incorrect registry permissions (high)
* CVE-2025-7433: Privilege escalation in Device Encryption (high)
* CVE-2025-7472: Privilege escalation in Installer (high)

Recommendations for action

Sophos strongly recommends checking installed versions and hotfixes to eliminate the risk of active attacks. Sophos Firewall in particular should have the latest hotfix HF071525.1 installed. For Intercept X, at least versions 2024.3.2 (Endpoint), 2025.1 (Device Encryption) and the installer from version 1.22 should be used.

Detailed information on the individual CVEs, hotfixes and highly recommended updates can be found on Firewalls24.

Update strategies for companies

The current CVEs underline the importance of continuous patch management. Organizations that do not update their systems regularly risk significant security vulnerabilities. Aphos GmbH's Professional Service offers Service Level Agreements (SLAs) that ensure automatic updates and proactive security checks - including ongoing maintenance of Sophos firewalls and endpoint and server solutions.

Aphos Gesellschaft für IT-Sicherheit mbH
Mergenthalerallee 73-75
Eschborn 65760
Germany

https://aphos.de/
https://firewalls24.de/

Herr Lennart Wyrwa
061965820160
marketing@aphos.de

Aphos Gesellschaft für IT-Sicherheit mbH is a specialized IT security provider with a focus on tailor-made cybersecurity solutions for companies, authorities and public institutions. As an accredited Sophos Platinum Partner, the company offers first-class consulting, comprehensive support and a broad portfolio of IT security solutions.

With Firewalls24.de, the store for IT security solutions from Sophos, Aphos GmbH enables fast and uncomplicated procurement of Sophos firewalls, switches, access points and Sophos Central licenses.

The combination of technical expertise, personal advice and great prices makes Aphos the ideal partner for companies of all sizes that rely on the highest security standards.

This release was published on openPR.