CyberSec.Space Logo
Back to CVE Browser

CVE-2020-25223

Known Exploited (CISA KEV)CRITICAL
9.8
CVSS Severity Score
EPSS Score96.6110%
EPSS Percentile94.16th
PublishedSep 25, 2020
Last ModifiedNov 7, 2025

Vulnerability Description

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11

Affected Platforms (CPE)

πŸ“¦
Sophos

Unified Threat Management

< 9.511
πŸ“¦
Sophos

Unified Threat Management

>= 9.600 and < 9.607
πŸ“¦
Sophos

Unified Threat Management

>= 9.700 and < 9.705
πŸ“¦
Sophos

Unified Threat Management

= 9.511
πŸ“¦
Sophos

Unified Threat Management

= 9.607
πŸ“¦
Sophos

Unified Threat Management

= 9.705

References & Advisories

πŸ”— http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.html
πŸ”— https://community.sophos.com/b/security-blog
πŸ”— https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223
πŸ”— https://cwe.mitre.org/data/definitions/78.html
πŸ”— https://www.secpod.com/blog/remote-code-execution-in-sophos-utm/
πŸ”— http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.html
πŸ”— https://community.sophos.com/b/security-blog
πŸ”— https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223

Related Vulnerabilities

CVE-2019-00107.5

An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message ...

CVE-2010-22904.3

Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in McAfee Unified Threat Management (UTM) Firewall (formerly SnapGea...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...