Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-13973

A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.

Published

2025-07-21T14:15:26.747

Last Modified

2025-11-17T16:27:18.863

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.8 (MEDIUM)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	sophos	firewall_firmware	< 21.0.1	Yes
Hardware	sophos	firewall	-	No

References

https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce Vendor Advisory ([email protected])