An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions

链接： https://github.com/advisories/GHSA-rjpf-qp74-8rgx

CVSS 评分： 9.8

参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-7624
https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce
https://github.com/advisories/GHSA-rjpf-qp74-8rgx

描述：

An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA.

安全公告

#Github Advisory

An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions

http://example.com/2025/07/21/github_2840472209/

作者

lianccc

发布于

2025年7月21日

许可协议

An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos 上一篇

DNN (DotNetNuke) Unicode Path Normalization NTLM Hash Disclosure Vulnerability 下一篇