{"id":59674,"date":"2025-07-27T05:28:53","date_gmt":"2025-07-27T05:28:53","guid":{"rendered":""},"modified":"2025-09-04T21:09:06","modified_gmt":"2025-09-05T03:09:06","slug":"cve-2025-7382-pre-auth-code-execution-vulnerability-in-sophos-firewall-webadmin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-7382-pre-auth-code-execution-vulnerability-in-sophos-firewall-webadmin\/","title":{"rendered":"CVE-2025-7382: Pre-Auth Code Execution Vulnerability in Sophos Firewall WebAdmin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The CVE-2025-7382 is a high-risk vulnerability that affects the WebAdmin interface of Sophos Firewall versions older than 21.0 MR2 (21.0.2). This command injection vulnerability poses a serious threat to organizations as it allows adjacent attackers to execute arbitrary code on High Availability (HA) auxiliary devices without needing to authenticate first, provided OTP authentication for the admin user is enabled. As such, it’s crucial for network administrators and cybersecurity professionals to understand the implications of this vulnerability and how to mitigate its potential<\/a> impact.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-7382
\nSeverity: High (8.8)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: Potential system compromise<\/a> or data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n