Security Advisories

Advisory

Impact

CVE

Product Family

Sort by

Items per page

RSS Feed

High

Resolved Multiple Vulnerabilities in Sophos Intercept X for Windows (CVE-2024-13972, CVE-2025-7433, CVE-2025-7472)

CVE(s):

CVE-2024-13972

CVE-2025-7433

CVE-2025-7472

Updated: 2025 Aug 3

Product(s):

Intercept X Endpoint

Intercept X for Server

Article Version: 2

Publication ID: sophos-sa-20250717-cix-lpe

First Published: Thu, 07/17/2025 - 19:00

Workaround: No
Critical

Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2025-6704, CVE-2025-7624, CVE-2025-7382, CVE-2024-13974, CVE-2024-13973)

CVE(s):

CVE-2025-6704

CVE-2025-7624

CVE-2025-7382

CVE-2024-13974

CVE-2024-13973

Updated: 2025 Jul 21

Product(s):

Sophos Firewall

Article Version: 1

Publication ID: sophos-sa-20250721-sfos-rce

First Published: Mon, 07/21/2025 - 12:00

Workaround: No
Informational

Advisory: Apache Parquet Vulnerability (CVE-2025-30065)

CVE(s):

CVE-2025-30065

Updated: 2025 Apr 18

Product(s):

Sophos Central

Article Version: 2

Publication ID: sophos-sa-20250406-apache-parquet

First Published: Sun, 04/06/2025 - 06:52

Workaround: No
High

Resolved LPE vulnerability in Taegis Endpoint Agent (Linux) (CVE-2024-13861)

CVE(s):

CVE-2024-13861

Updated: 2025 Apr 11

Product(s):

Taegis Endpoint Agent

Article Version: 1

Publication ID: sophos-sa-20250411-taegis-agent-lpe

First Published: Fri, 04/11/2025 - 13:14

Workaround: No
Informational

Advisory: Oracle Cloud Data Breach

CVE(s):

Updated: 2025 Mar 23

Product(s):

Sophos Central

Article Version: 2

Publication ID: sophos-sa-20250321-oracle-cloud-data-breach

First Published: Sun, 03/23/2025 - 17:32

Workaround: No
Informational

Advisory: GitHub Action tj-actions/changed-files Compromise (CVE-2025-30066)

CVE(s):

CVE-2025-30066

Updated: 2025 Mar 17

Product(s):

Cloud Optix

Intercept X Endpoint

Intercept X for Server

Sophos Central

Sophos Email

Sophos Firewall

Sophos Home

Sophos RED

Sophos UTM

Sophos Wireless

Sophos ZTNA

SophosLabs Intelix

Article Version: 1

Publication ID: sophos-sa-20250317-tj-action-compromise

First Published: Mon, 03/17/2025 - 11:11

Workaround: No
Critical

Resolved Multiple Vulnerabilities in Sophos Firewall (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729)

CVE(s):

CVE-2024-12727

CVE-2024-12728

CVE-2024-12729

Updated: 2024 Dec 19

Product(s):

Sophos Firewall

Article Version: 1

Publication ID: sophos-sa-20241219-sfos-rce

First Published: Thu, 12/19/2024 - 20:00

Workaround: Yes
High

Resolved LPE vulnerability in Sophos Intercept X for Windows (CVE-2024-8885)

CVE(s):

CVE-2024-8885

Updated: 2024 Oct 2

Product(s):

Intercept X Endpoint

Article Version: 1

Publication ID: sophos-sa-20241002-cde-lpe

First Published: Wed, 10/02/2024 - 12:00

Workaround: No
Informational

Advisory: CUPS Vulnerabilities

CVE(s):

CVE-2024-47076

CVE-2024-47175

CVE-2024-47176

CVE-2024-47177

Updated: 2024 Sep 27

Product(s):

Cloud Optix

Sophos Central

Sophos Firewall

Sophos RED

Sophos Switch

Sophos UTM

Sophos Wireless

Article Version: 1

Publication ID: sophos-sa-20240926-CUPS

First Published: Fri, 09/27/2024 - 08:04

Workaround: No
Informational

Advisory: Unauthenticated Remote Code Execution Vulnerability in OpenSSH (CVE-2024-6387)

CVE(s):

CVE-2024-6387

Updated: 2024 Jul 4

Product(s):

Cloud Optix

Intercept X Endpoint

Sophos Central

Sophos Email

Sophos Firewall

Sophos Home

Sophos Mobile

Sophos Mobile EAS Proxy

Sophos RED

Sophos Secure Workspace (Android)

Sophos Switch

Sophos UTM

Sophos Wireless

SophosLabs Intelix

Article Version: 3

Publication ID: sophos-sa-20240704-regresshion

First Published: Thu, 07/04/2024 - 10:10

Workaround: No
Informational

Advisory: TunnelVision Vulnerability in VPN Clients

CVE(s):

CVE-2024-3661

Updated: 2024 Jun 10

Product(s):

Sophos Connect Client 2.0

Article Version: 1

Publication ID: sophos-sa-20240610-tunnelvision

First Published: Mon, 06/10/2024 - 11:32

Workaround: Yes
Informational

Advisory: Sisense Data Breach

CVE(s):

Updated: 2024 Apr 15

Product(s):

Sophos Central

Article Version: 1

Publication ID: sophos-sa-20240415-sisense-data-breach

First Published: Mon, 04/15/2024 - 17:49

Workaround: No
Informational

Advisory: Upstream Backdoor in XZ library

CVE(s):

CVE-2024-3094

Updated: 2024 Apr 1

Product(s):

Cloud Optix

Intercept X Endpoint

Intercept X for Server

Sophos Central

Sophos Email

Sophos Firewall

Sophos Home

Sophos Mobile

Sophos RED

Sophos Switch

Sophos UTM

Sophos Wireless

Sophos ZTNA

SophosLabs Intelix

Article Version: 1

Publication ID: sophos-sa-20240401-XZ Backdoor

First Published: Mon, 04/01/2024 - 20:13

Workaround: No
Informational

Advisory: Leaky Vessels vulnerabilities in Docker and runc

CVE(s):

CVE-2024-21626

CVE-2024-23651

CVE-2024-23652

CVE-2024-23653

Updated: 2024 Feb 8

Product(s):

Cloud Optix

Intercept X Endpoint

Sophos Central

Sophos Email

Sophos Firewall

Sophos Home

Sophos Mobile

Sophos Mobile EAS Proxy

Sophos RED

Sophos Switch

Sophos UTM

Sophos Wireless

Sophos ZTNA

SophosLabs Intelix

Article Version: 3

Publication ID: sophos-sa-20240206-leaky-vessels

First Published: Tue, 02/06/2024 - 22:49

Workaround: No
Critical

Resolved RCE in Sophos Firewall (CVE-2022-3236)

CVE(s):

CVE-2022-3236

Updated: 2023 Dec 11

Product(s):

Sophos Firewall

Article Version: 3

Publication ID: sophos-sa-20220923-sfos-rce

First Published: Fri, 09/23/2022 - 13:45

Workaround: Yes
Informational

Advisory: TunnelCrack Vulnerabilities in VPN Clients

CVE(s):

CVE-2023-36672

CVE-2023-35838

CVE-2023-36673

CVE-2023-36671

Updated: 2023 Nov 24

Product(s):

Sophos Connect Client 2.0

Article Version: 1

Publication ID: sophos-sa-20231124-tunnelcrack

First Published: Fri, 11/24/2023 - 14:00

Workaround: Yes
Critical

Sophos Web Appliance 4.3.10.4 Resolves Security Vulnerabilities

CVE(s):

CVE-2023-1671

CVE-2022-4934

CVE-2020-36692

Updated: 2023 Nov 17

Product(s):

Sophos Web Appliance (SWA)

Article Version: 2

Publication ID: sophos-sa-20230404-swa-rce

First Published: Tue, 04/04/2023 - 10:22

Workaround: No
Informational

Advisory: libwebp critical vulnerability

CVE(s):

CVE-2023-4863

Updated: 2023 Oct 31

Product(s):

Cloud Optix

Intercept X Endpoint

Intercept X for Server

Sophos Central

Sophos Connect Client 2.0

Sophos Email

Sophos Email Appliance (SEA)

Sophos Firewall

Sophos Home

Sophos Mobile

Sophos RED

Sophos Switch

Sophos UTM

Sophos Wireless

Sophos ZTNA

SophosLabs Intelix

Article Version: 2

Publication ID: sophos-sa-20231002-libwebp-vuln

First Published: Tue, 10/03/2023 - 23:01

Workaround: No
Informational

Advisory: curl high severity vulnerability

CVE(s):

CVE-2023-38545

Updated: 2023 Oct 23

Product(s):

Cloud Optix

Intercept X Endpoint

Intercept X for Server

SafeGuard Enterprise (SGN)

Sophos Central

Sophos Connect Client 2.0

Sophos Email

Sophos Firewall

Sophos Home

Sophos Mobile

Sophos Mobile EAS Proxy

Sophos RED

Sophos Switch

Sophos UTM

Sophos Wireless

Sophos ZTNA

SophosLabs Intelix

Article Version: 1

Publication ID: sophos-sa-20231023-curl-vuln

First Published: Mon, 10/23/2023 - 17:08

Workaround: No
High

Resolved SPX password disclosure in Sophos Firewall (CVE-2023-5552)

CVE(s):

CVE-2023-5552

Updated: 2023 Oct 17

Product(s):

Sophos Firewall

Article Version: 1

Publication ID: sophos-sa-20231017-spx-password

First Published: Tue, 10/17/2023 - 23:13

Workaround: Yes