Sophos and SonicWall have issued alerts about critical vulnerabilities in their firewall and SMA 100 Series appliances that could allow remote code execution. These flaws affect a small percentage of devices but pose significant risks, prompting immediate patches and recommended security measures. #SophosFirewall #SonicWallSMA
Keypoints
- Sophos Firewall has multiple vulnerabilities including CVE-2025-6704 and CVE-2025-7624, which can lead to remote code execution.
- The CVE-2025-6704 vulnerability affects approximately 0.05% of devices, while CVE-2025-7624 impacts up to 0.73%.
- SonicWallβs SMA 100 Series has a critical flaw (CVE-2025-40599) enabling remote attackers to upload malicious files.
- Both companies recommend security measures such as disabling remote management, resetting passwords, and using multi-factor authentication.
- The vulnerabilities have been patched, but organizations should review logs and improve security protocols to prevent exploitation.
Read More: https://thehackernews.com/2025/07/sophos-and-sonicwall-patch-critical-rce.html