Exploit for Sophos UTM Preauth - Remote Code Execution (CVE-2020-25223)

Description:

Sophos SG UTM WebAdmin is susceptible to a remote code execution vulnerability in versions before v9.705 MR5, v9.607 MR7, and v9.511 MR11.

Nuclei Template

View the template here: CVE-2020-25223.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-25223.yaml

References:

https://cwe.mitre.org/data/definitions/78.html
https://community.sophos.com/b/security-blog
https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223
https://nvd.nist.gov/vuln/detail/CVE-2020-25223
https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223