Sophos and SonicWall have notified users about significant security weaknesses in Sophos Firewall and Secure Mobile Access (SMA) 100 Series devices that could be leveraged for remote code execution.

The following two vulnerabilities affecting Sophos Firewall are detailed below –

CVE-2025-6704 (CVSS score: 9.8) – A vulnerability allowing the arbitrary writing of files in the Secure PDF eXchange (SPX) feature may result in