Sophos Security Vulnerabilities (CVEs)
Track 14 security vulnerabilities affecting Sophos products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows unauthenticated attackers to write arbitrary files to Sophos Firewall systems, potentially leading to remote code execution....
Jul 21, 2025An SQL injection vulnerability in Sophos Firewall's legacy SMTP proxy allows remote attackers to execute arbitrary code on affected systems. This affe...
Jul 21, 2025This vulnerability in Sophos Firewall's Up2Date component allows attackers who control the firewall's DNS environment to achieve remote code execution...
Jul 21, 2025This CVE describes a post-authentication SQL injection vulnerability in Sophos Firewall's WebAdmin interface. Attackers with administrative credential...
Jul 21, 2025A local privilege escalation vulnerability in Taegis Endpoint Agent on Debian-based Linux systems allows local users to execute arbitrary code with ro...
Apr 11, 2025This critical vulnerability allows unauthenticated attackers to execute SQL injection attacks against Sophos Firewall's email protection feature. Succ...
Dec 19, 2024This is a post-authentication code injection vulnerability in Sophos Firewall's User Portal that allows authenticated users to execute arbitrary code ...
Dec 19, 2024This CVE describes a post-authentication command injection vulnerability in Sophos Web Appliance's exception wizard. It allows authenticated administr...
Apr 4, 2023CVE-2023-1671 is a critical pre-authentication command injection vulnerability in Sophos Web Appliance that allows unauthenticated attackers to execut...
Apr 4, 2023CVE-2022-1040 is an authentication bypass vulnerability in Sophos Firewall's User Portal and Webadmin interfaces that allows remote attackers to execu...
Mar 25, 2022This is a post-authentication SQL injection vulnerability in Sophos UTM's Mail Manager component. An authenticated attacker could potentially execute ...
Mar 22, 2022An authenticated user can execute arbitrary code through an SQL injection vulnerability in the Sophos SG UTM user portal. This affects organizations r...
Nov 26, 2021CVE-2021-25265 is a remote code execution vulnerability in Sophos Connect Client where a malicious website could execute arbitrary code on affected sy...
Mar 22, 2021This SQL injection vulnerability in Cyberoam OS WebAdmin allows unauthenticated attackers to execute arbitrary SQL commands remotely. It affects Cyber...
Dec 11, 2020Why Monitor Sophos Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 14+ known vulnerabilities affecting Sophos products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Sophos packages in under 60 seconds. No agents required - completely agentless scanning that works across Sophos deployments.
Free vulnerability database: Access detailed information about every Sophos CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Sophos CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
