{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T03:16:17.815","vulnerabilities":[{"cve":{"id":"CVE-2020-25223","sourceIdentifier":"cve@mitre.org","published":"2020-09-25T04:23:04.857","lastModified":"2025-11-07T22:01:53.673","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11"},{"lang":"es","value":"Se presenta una vulnerabilidad de ejecución de código remota en WebAdmin de Sophos SG UTM versiones anteriores a v9.705 MR5, v9.607 MR7 y v9.511 MR11"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2022-03-25","cisaActionDue":"2022-04-15","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Sophos SG UTM Remote Code Execution Vulnerability","weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sophos:unified_threat_management:*:*:*:*:*:*:*:*","versionEndExcluding":"9.511","matchCriteriaId":"BA2939C6-2293-4466-9C4F-52544D3E8BDF"},{"vulnerable":true,"criteria":"cpe:2.3:a:sophos:unified_threat_management:*:*:*:*:*:*:*:*","versionStartIncluding":"9.600","versionEndExcluding":"9.607","matchCriteriaId":"A0AE7745-9A4A-4369-81A6-B7E27ADBBEDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:sophos:unified_threat_management:*:*:*:*:*:*:*:*","versionStartIncluding":"9.700","versionEndExcluding":"9.705","matchCriteriaId":"991F1452-7B5F-4B9C-9BB6-8469D45B1570"},{"vulnerable":true,"criteria":"cpe:2.3:a:sophos:unified_threat_management:9.511:-:*:*:*:*:*:*","matchCriteriaId":"AAEC9A72-3E62-4FB6-AFE0-BEA7CFE4C86D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sophos:unified_threat_management:9.607:-:*:*:*:*:*:*","matchCriteriaId":"CC343E3F-5FF0-4492-B8C8-33C1B92D39F3"},{"vulnerable":true,"criteria":"cpe:2.3:a:sophos:unified_threat_management:9.705:-:*:*:*:*:*:*","matchCriteriaId":"5D7A1A80-2170-406C-8680-63D2B4AE067B"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.html","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://community.sophos.com/b/security-blog","source":"cve@mitre.org","tags":["Not Applicable","Vendor Advisory"]},{"url":"https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"https://cwe.mitre.org/data/definitions/78.html","source":"cve@mitre.org","tags":["Technical Description"]},{"url":"https://www.secpod.com/blog/remote-code-execution-in-sophos-utm/","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"http://packetstormsecurity.com/files/164697/Sophos-UTM-WebAdmin-SID-Command-Injection.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://community.sophos.com/b/security-blog","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable","Vendor Advisory"]},{"url":"https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://cwe.mitre.org/data/definitions/78.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Technical Description"]},{"url":"https://www.secpod.com/blog/remote-code-execution-in-sophos-utm/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-25223","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}