An SQL injection vulnerability in the legacy (transparent) SMTP proxy of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA.

CVE Database V5

Detailed information about CVE-2025-7624: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Sophos Sophos Firewall 

CVE-2025-7624: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Sophos Sophos Firewall - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7624: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Sophos Sophos Firewall

A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled.

Detailed information about CVE-2025-7382: Vulnerability in Sophos Sophos Firewall affecting Sophos Sophos Firewall. Get real-time updates, technical details, an

CVE-2025-7382: Vulnerability in Sophos Sophos Firewall - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7382: Vulnerability in Sophos Sophos Firewall

Certain modem models developed by Askey has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and potentially execute arbitrary code.

CVE-2025-7921 is a critical stack-based buffer overflow vulnerability identified in the ASKEY RTF8207w modem. This vulnerability arises from improper handling of input data within the modem's firmware, allowing an unauthenticated remote attacker to overflow a stack buffer. Exploiting this flaw enables the attacker to manipulate the program's execution flow, potentially leading to arbitrary code execution. The vulnerability is classified under CWE-121, which pertains to stack-based buffer overflows—a common and dangerous class of memory corruption issues. The CVSS v4.0 score of 9.3 reflects the high severity, with an attack vector that requires no authentication (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact on confidentiality, integrity, and availability is high (VC:H, VI:H, VA:H), indicating that successful exploitation could lead to full system compromise. The affected product is the ASKEY RTF8207w modem, with no specific affected versions detailed beyond a placeholder '0', suggesting potentially all firmware versions are vulnerable. No patches or known exploits in the wild have been reported at the time of publication (July 21, 2025). Given the nature of the device—a modem used for network connectivity—this vulnerability could be exploited remotely over the network, making it a significant threat to any organization using this hardware. Attackers could leverage this flaw to gain persistent access, intercept or manipulate network traffic, or launch further attacks within the internal network.

Detailed information about CVE-2025-7921: CWE-121 Stack-based Buffer Overflow in ASKEY RTF8207w affecting ASKEY RTF8207w. Get real-time updates, technical detai

CVE-2025-7921: CWE-121 Stack-based Buffer Overflow in ASKEY RTF8207w - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7921: CWE-121 Stack-based Buffer Overflow in ASKEY RTF8207w

Lakeus is a simple skin made for MediaWiki. Starting in version 1.0.8 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with `(editinterface)` rights can edit system messages that are improperly handled in order to send raw HTML. In the case of `lakeus-footermessage`, this will affect all users if the server is configured to link back to this repository. Otherwise, the system messages in themeDesigner.js are only used when the user enables it in their preferences. Versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0 contain a patch.

CVE-2025-25287 is a stored cross-site scripting (XSS) vulnerability identified in the Lakeus skin for MediaWiki, a popular open-source wiki platform. The vulnerability affects versions from 1.0.8 up to but not including 1.3.1+REL1.39. The root cause is improper neutralization of input during web page generation (CWE-79), specifically in the handling of system messages editable by users with high privileges (those with the 'editinterface' right). These system messages can contain raw HTML, which is not properly sanitized before being rendered. A notable example is the 'lakeus-footermessage' system message, which, if exploited, can affect all users visiting the MediaWiki instance if the server is configured to link back to the Lakeus repository. Other system messages in themeDesigner.js are only used if users enable the themeDesigner feature in their preferences, limiting exposure. The vulnerability allows an attacker with high privileges to inject malicious scripts that execute in the context of other users, potentially leading to session hijacking, privilege escalation, or other malicious actions. The vulnerability has been patched in versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0. The CVSS v3.1 base score is 4.7 (medium severity), reflecting network attack vector, low attack complexity, required high privileges, no user interaction, and impacts on confidentiality, integrity, and availability. No known exploits are currently reported in the wild.

Detailed information about CVE-2025-25287: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in lakejason0 mediawiki-

CVE-2025-25287: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in lakejason0 mediawiki-skins-Lakeus - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-25287: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in lakejason0 mediawiki-skins-Lakeus

An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode.

Detailed information about CVE-2025-6704: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Sophos Sophos Fir