CVE-2021-25267

MEDIUM

Sophos Firewall <19.0 GA - Privilege Escalation

Title source: llm
STIX 2.1

Description

Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.

References (1)

Core 1
Core References
Release Notes, Vendor Advisory x_refsource_confirm
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220505-sfos-19-0-0

Scores

CVSS v3 6.8
EPSS 0.0025
EPSS Percentile 47.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-79
Status published
Products (1)
sophos/firewall_firmware < 19.0
Published May 05, 2022
Tracked Since Feb 18, 2026