CVE-2024-13973 MEDIUM

CVE-2024-13973

Vendor Sophos

Product Sophos Firewall

Weakness CWE-89 · SQLi

Published July 21, 2025

Last update July 21, 2025

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Adjacent

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A post-auth SQL injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR1 (21.0.1) can potentially lead to administrators achieving arbitrary code execution.

Key dates

02Disclosure timeline

July 21, 2025 CVE published

July 21, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-13973

Related vulnerabilities

04Related CVE

CVE-2023-24812 SQL injection of notes/search-by-tag CVE-2026-40845 Authenticated SQLi in devices_configuration view CVE-2023-4176 SourceCodester Hospital Management System appointmentapproval.php sql injection CVE-2019-25433 XOOPS CMS 2.5.9 SQL Injection via gerar_pdf.php CVE-2026-49498 Ghidra 11.0 < 12.1 - SQL Injection in PostgreSQL Password Change via Unescaped Username