Tuesday, May 6, 2025

Sophos Firewall Code Injection Flaw: Let Attackers Execute Remote Code


A critical security flaw has been discovered in the Sophos Firewall User Portal and Webadmin that allows attackers to execute malicious code remotely.

The vulnerability lets attackers inject code into the software; if exploited, it can result in a complete takeover of the system and theft of its data.

Sophos updated its firewalls to a new version that detects fresh exploit attempts against the older version. This RCE vulnerability carries a Critical severity score of 9.8.


Sophos said that “vulnerable devices are running end-of-life (EOL) firmware. We immediately developed a patch for certain EOL firmware versions, which was automatically applied to the 99% of affected organizations that have ‘accept hotfix’ turned on”.

Sophos Firewall v19.0 MR1 (19.0.1) and older, released in 2022, is now outdated. As a result, the firmware on every vulnerable device has reached end-of-life (EOL).

This means these devices no longer receive updates or support, leaving them exposed to security risks and vulnerabilities.

It is worth noting that attackers actively seek out end-of-life (EOL) firmware and devices from a range of technology vendors.

According to Sophos, this particular vulnerability has been exploited to target a specific group of companies, mostly located in South Asia.

Web admin Portals

Organizations should secure their User Portal and Webadmin by not exposing them to the Wide Area Network (WAN).

For remote access and management, use either a VPN or Sophos Central (the recommended option). In line with device access best practices, Sophos recommends disabling WAN access to the User Portal and Webadmin.

Automatic hotfix installation is enabled by default. Follow these steps to confirm the setting:

  • Go to Backup & firmware > Firmware > Hotfix.
  • Turn on Allow automatic installation of hotfixes.
  • Click Apply.

If hotfixes are enabled but you are not receiving them, check the connectivity requirements for the Up2Date component (see Sophos Firewall: Default services).

To verify the hotfix

It is crucial for organizations to stay vigilant and take necessary measures to protect their systems and data from potential attacks.
