How severe is CVE-2024-12729?

CVE-2024-12729 has a CVSS v3 score of 8.8 (HIGH).

CVE-2024-12729

Name: firewall
Author: sophos

8.8HIGH

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).

Published: 12/19/2024Updated: 11/12/2025

Description

A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1).

AI AnalysisPowered by AI

Affected Products

sophosfirewall_firmware

sophosfirewall

References

https://www.sophos.com/en-us/security-advisories/sophos-sa-20241219-sfos-rce
PatchVendor Advisory