CVE-2025-7624
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2025-7624. We'll provide specific mitigation strategies based on your environment and risk profile.
CVSS Score
V3.1Attack Vector Metrics
Impact Metrics
Description
An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA.
Available Exploits
Related News
Sophos addressed five Sophos Firewall vulnerabilities that could allow remote attackers to execute arbitrary code. Sophos has fixed five vulnerabilities (CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, CVE-2024-13973) in Sophos Firewall that coul…
Affected Products
Affected Versions:
EU Vulnerability Database
Monitored by ENISA for EU cybersecurity
ENISA Analysis
An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA.
Affected Products (ENISA)
ENISA Scoring
CVSS Score (3.1)
EPSS Score
Data provided by ENISA EU Vulnerability Database. Last updated: July 21, 2025
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: July 21, 2025, Modified: July 21, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
August Patch Tuesday updates 𝗧𝗼𝗱𝗮𝘆'𝘀 𝗣𝗮𝘁𝗰𝗵 𝗧𝘂𝗲𝘀𝗱𝗮𝘆 𝗼𝘃𝗲𝗿𝘃𝗶𝗲𝘄: ▪️ Microsoft has addressed 107 vulnerabilities, one zero-day with PoC (CVE-2025-53779), 13 critical ▪️ Third-party: actively exploited vulnerabilities in Google Chrome, Android, Apple, Cisco ISE, and Wing FTP Server, plus major third-party issues affecting Axis Communications, Dell ControlVault3, Nvidia, WordPress, and Sophos …
🔥 Top 10 Trending CVEs (27/07/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-23266](https://nvd.nist.gov/vuln/detail/CVE-2025-23266)** - 📝 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A …
Critical RCE Flaws in Sophos and SonicWall Devices Demand Immediate Action **Sophos and SonicWall have issued urgent patches for critical vulnerabilities that could allow remote code execution on their firewall and SMA 100 devices.** **Key Points:** - Sophos Firewall vulnerabilities CVE-2025-6704 and CVE-2025-7624 are rated CVSS 9.8, allowing potential pre-auth …