CVE-2021-25268 HIGH

Vendor: Sophos
Product: Sophos Firewall
Published: May 5, 2022
Last update: August 3, 2024

CVSS base score

8.4/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.

Key dates

02 Disclosure timeline

May 5, 2022: CVE published
August 3, 2024: Record updated