CVE-2025-7433 HIGH

CVE-2025-7433

Vendor Sophos

Product Sophos Intercept X for Windows

Weakness CWE-502 · Unsafe deserialization

Published July 17, 2025

Last update July 17, 2025

View on NVD All CVEs

CVSS base score

8.8/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution.

Key dates

02Disclosure timeline

July 17, 2025 CVE published

July 17, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-7433 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/502.html

Related vulnerabilities

04Related CVE

CVE-2025-47660 WordPress WC Affiliate plugin <= 2.16 - PHP Object Injection vulnerability CVE-2021-34992 CVE-2026-40473 Apache Camel Mina: Unsafe Deserialization in MinaConverter.toObjectInput() via TCP/UDP CVE-2022-37023 Apache Geode deserialization of untrusted data flaw when using REST API on Java 8 or Java 11 CVE-2026-25747 Apache Camel LevelDB: Deserialization of Untrusted Data in Camel LevelDB