Unrated severityNVD Advisory· Published Jul 21, 2025· Updated Jul 21, 2025

CVE-2024-13974

Description

A business logic vulnerability in the Up2Date component of Sophos Firewall older than version 21.0 MR1 (20.0.1) can lead to attackers controlling the firewall’s DNS environment to achieve remote code execution.

Affected products

Sophos/Sophos Firewallllm-fuzzy
Range: <21.0 MR1 (20.0.1)
Sophos/Sophos Firewallv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rcemitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000