Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-6704

An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode.

Published

2025-07-21T14:15:30.133

Last Modified

2025-08-18T20:15:16.500

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	sophos	firewall_firmware	< 21.0.2	Yes
Hardware	sophos	firewall	-	No

References

https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce Vendor Advisory ([email protected])