An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos

链接： https://github.com/advisories/GHSA-5m7h-7mwc-924h

CVSS 评分： 9.8

参考链接：

https://nvd.nist.gov/vuln/detail/CVE-2025-6704
https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce
https://github.com/advisories/GHSA-5m7h-7mwc-924h

描述：

An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode.

安全公告

#Github Advisory

An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos

http://example.com/2025/07/21/github_3811727966/

作者

lianccc

发布于

2025年7月21日

许可协议

Sudo Privilege Escalation 上一篇

An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions 下一篇