Press release
Sophos CVEs July 2025: Immediate updates for Firewall and Intercept X recommended

Symbolic representation of the CVEs for Sophos Firewall, Endpoint & Server Protection. (© Aphos GmbH / Firewalls24)
Affected Sophos products and CVEs
Sophos Firewall (SFOS)
* CVE-2025-6704: SPX file write with RCE potential (critical)
* CVE-2025-7624: SQL injection in transparent SMTP proxy (critical)
* CVE-2025-7382: Command injection in WebAdmin (high)
* CVE-2024-13974: Business logic vulnerability in Up2Date (high)
* CVE-2024-13973: SQL injection after authentication in WebAdmin (medium)
Sophos Intercept X for Endpoint & Server
* CVE-2024-13972: Incorrect registry permissions (high)
* CVE-2025-7433: Privilege escalation in Device Encryption (high)
* CVE-2025-7472: Privilege escalation in Installer (high)
Recommendations for action
Sophos strongly recommends checking installed versions and hotfixes to eliminate the risk of active attacks. Sophos Firewall in particular should have the latest hotfix HF071525.1 installed. For Intercept X, at least versions 2024.3.2 (Endpoint), 2025.1 (Device Encryption) and the installer from version 1.22 should be used.
Detailed information on the individual CVEs, hotfixes and highly recommended updates can be found on Firewalls24.
Update strategies for companies
The current CVEs underline the importance of continuous patch management. Organizations that do not update their systems regularly risk significant security vulnerabilities. Aphos GmbH's Professional Service offers Service Level Agreements (SLAs) that ensure automatic updates and proactive security checks - including ongoing maintenance of Sophos firewalls and endpoint and server solutions.
Aphos Gesellschaft für IT-Sicherheit mbH
Mergenthalerallee 73-75
Eschborn 65760
Germany
https://aphos.de/
https://firewalls24.de/
Herr Lennart Wyrwa
061965820160
marketing@aphos.de
Aphos Gesellschaft für IT-Sicherheit mbH is a specialized IT security provider with a focus on tailor-made cybersecurity solutions for companies, authorities and public institutions. As an accredited Sophos Platinum Partner, the company offers first-class consulting, comprehensive support and a broad portfolio of IT security solutions.
With Firewalls24.de, the store for IT security solutions from Sophos, Aphos GmbH enables fast and uncomplicated procurement of Sophos firewalls, switches, access points and Sophos Central licenses.
The combination of technical expertise, personal advice and great prices makes Aphos the ideal partner for companies of all sizes that rely on the highest security standards.
This release was published on openPR.
Permanent link to this press release:
Copy
Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.
You can edit or delete your press release Sophos CVEs July 2025: Immediate updates for Firewall and Intercept X recommended here
News-ID: 4115995 • Views: …
More Releases from Aphos GmbH

CIS Controls v8.1 integrated into Sophos Central Assessment Tool
The assessment tool in Sophos Central now also supports the latest CIS Controls v8.1, adding another internationally recognized standard for assessing cybersecurity maturity to the functionality of Sophos's self-assessment platform. This provides organizations with a practical tool to evaluate and prioritize protection measures in a structured manner and align them with established frameworks such as CIS, NIST or NIS-2.
CIS Controls v8.1: Internationally recognized security framework
The CIS Controls (Center for Internet…
More Releases for Sophos
Sophos Expands Cloud-Managed Security Portfolio with Server Protection
Dubai, UAE – November 20, 2014 – Sophos today announced the release of Sophos Cloud Server Protection, a high performance malware protection solution designed specifically for servers. The solution expands Sophos Cloud to a comprehensive security platform designed to protect desktops, laptops, mobile phones, tablets and now servers with the most effective and simplest to manage business security offering available.
Servers store large amounts of sensitive information…
Sophos Announces Expanded Security Offerings through AWS Marketplace
Dubai, UAE– November 12, 2014 – Sophos today announced the expansion of their product portfolio on AWS Marketplace with the addition of a new secure server option for customers on Amazon Web Services (AWS). Building on the success of the Sophos UTM Next Generation Firewall product, which is offered through AWS Marketplace, the new Sophos Secure OS delivers comprehensive security bundled with CentOS.
Secure AWS Servers
AWS provides a comprehensive, scalable cloud…
Sophos DeliversAdvanced Threat Protectionfor the Small and Mid-Market
Dubai, UAE– March 12, 2014 – Sophos today announced an extensive update to its award winning Unified Threat Management solution, Sophos UTM. With more than 100 new features, the highlight of the new UTM platform is bringing Advanced Threat Protection (ATP) to the small and mid market, capabilities that were previously only available to large enterprises.
Developed by SophosLabs, thisnew SophosUTM approach brings together multiple technologiesto rapidly identifyand isolate infected clients…
Sophos Acquires Cyberoam Technologies
Dubai, UAE – February 10, 2014 – Sophos announced today that it has acquired Cyberoam Technologies, a leading global provider of network security products. The acquisition expands and deepens Sophos’ already significant product portfolio in network security, by combining Cyberoam’s Unified Threat Management (UTM), next-generation firewall and network security expertise with Sophos’ existing award-winning network security solutions in UTM and wireless security.
“Sophos and Cyberoam create a winning combination at the…
Computerlinks and Sophos Host Inaugural Channel Event in Dubai
Dubai, UAE – March 4, 2013 – Sophos today announced that it will host an inaugural channel event with new value added distributor (VAD)Computerlinks on March 5th, 2013 at The Address Dubai Mall Hotel, Dubai. Senior executives from Sophos and Computerlinks will give channel partners an overview of the latest trends in security, and show how the two companies are working together to bring a new approach to keeping businesses…
Sophos Strengthens Senior Leadership Team
Dubai, UAE – February 27, 2013 – Sophos today announced the appointments of two new leaders to the company’s executive team. Michael Valentine has joined Sophos as senior vice president of worldwide sales and Ari Buchler has joined the company as general counsel and vice president of corporate development. Both will be based in the company’s North America headquarters in Boston, and will report to Sophos CEO Kris Hagerman.…