CVE-2025-6704

{"id": "CVE-2025-6704", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@sophos.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-07-21T14:15:30.133", "references": [{"url": "https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce", "tags": ["Vendor Advisory"], "source": "security-alert@sophos.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-alert@sophos.com", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2)\u00a0can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode."}, {"lang": "es", "value": "Una vulnerabilidad de escritura arbitraria de archivos en la funci\u00f3n Secure PDF eXchange (SPX) de las versiones de Sophos Firewall anteriores a 21.0 MR2 (21.0.2) puede provocar la ejecuci\u00f3n remota de c\u00f3digo antes de la autorizaci\u00f3n, si se habilita una configuraci\u00f3n espec\u00edfica de SPX en combinaci\u00f3n con el firewall ejecut\u00e1ndose en modo de alta disponibilidad (HA)."}], "lastModified": "2025-08-18T20:15:16.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:sophos:firewall_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "60BD3474-6124-4B78-BE83-103A4D2F97BF", "versionEndExcluding": "21.0.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:sophos:firewall:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F728103-324C-4F34-9EE6-6E922018A2EB"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security-alert@sophos.com"}