{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T04:13:45.119","vulnerabilities":[{"cve":{"id":"CVE-2025-6704","sourceIdentifier":"security-alert@sophos.com","published":"2025-07-21T14:15:30.133","lastModified":"2025-08-18T20:15:16.500","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature of Sophos Firewall versions older than 21.0 MR2 (21.0.2) can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode."},{"lang":"es","value":"Una vulnerabilidad de escritura arbitraria de archivos en la función Secure PDF eXchange (SPX) de las versiones de Sophos Firewall anteriores a 21.0 MR2 (21.0.2) puede provocar la ejecución remota de código antes de la autorización, si se habilita una configuración específica de SPX en combinación con el firewall ejecutándose en modo de alta disponibilidad (HA)."}],"metrics":{"cvssMetricV31":[{"source":"security-alert@sophos.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-alert@sophos.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:sophos:firewall_firmware:*:*:*:*:*:*:*:*","versionEndExcluding":"21.0.2","matchCriteriaId":"60BD3474-6124-4B78-BE83-103A4D2F97BF"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:sophos:firewall:-:*:*:*:*:*:*:*","matchCriteriaId":"2F728103-324C-4F34-9EE6-6E922018A2EB"}]}]}],"references":[{"url":"https://www.sophos.com/en-us/security-advisories/sophos-sa-20250721-sfos-rce","source":"security-alert@sophos.com","tags":["Vendor Advisory"]}]}}]}