Sophos Firewall
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Sophos Firewall.
Known Exploited Sophos Firewall Vulnerabilities
The following Sophos Firewall vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Sophos Firewall Code Injection Vulnerability |
A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution. CVE-2022-3236 Exploit Probability: 92.9% |
September 23, 2022 |
The vulnerability CVE-2022-3236: Sophos Firewall Code Injection Vulnerability is in the top 1% of the currently known exploitable vulnerabilities.
By the Year
In 2026 there have been 0 vulnerabilities in Sophos Firewall. Firewall did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 0.00 |
| 2023 | 1 | 7.50 |
| 2022 | 3 | 8.93 |
It may take a day or so for new Firewall vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sophos Firewall Security Vulnerabilities
Sophos Firewall User Portal Remote Code Execution Vulnerability
CVE-2024-12729
- December 19, 2024
A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).
Sophos Firewall SQL Injection Vulnerability in Email Protection Feature
CVE-2024-12727
- December 19, 2024
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode.
Password Disclosure via SPX in Sophos Firewall <19.5.3
CVE-2023-5552
7.5 - High
- October 18, 2023
A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the password type is set to Specified by sender.
Insufficiently Protected Credentials
Code Injection in Sophos Firewall v19.0 MR1 and older User Portal/Webadmin
CVE-2022-3236
9.8 - Critical
- September 23, 2022
A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and older.
Code Injection
SQLi in Sophos FW Webadmin (<=18.5 MR4/<=19.0 MR1) Priv Escal
CVE-2022-1807
7.2 - High
- September 07, 2022
Multiple SQLi vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 18.5 MR4 and version 19.0 MR1.
SQL Injection
An authentication bypass vulnerability in the User Portal and Webadmin
CVE-2022-1040
9.8 - Critical
- March 25, 2022
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sophos Firewall or by Sophos? Click the Watch button to subscribe.
