Critical Vulnerabilities in Sophos Endpoint Protection: Action Required

Sophos has recently addressed three high-severity local privilege escalation vulnerabilities in its Endpoint and Workload Protection for Windows, which could potentially allow local users to gain SYSTEM privileges or execute arbitrary code.

Vulnerability Details

The vulnerabilities are identified as follows:

  • CVE-2024-13972: This vulnerability affects the Sophos Core Agent. The fixed version is 2024.3.2.
  • CVE-2025-7433: This flaw impacts the Device Encryption component, with a fixed version released on July 1, 2025 (version 2025.1).
  • CVE-2025-7472: This vulnerability is associated with the Sophos Installer, with a fix released on March 6, 2025 (version 1.22).

These vulnerabilities could be exploited by local users to escalate their privileges, potentially leading to significant security breaches.

Risks/Impact to Businesses

The implications of these vulnerabilities are serious. If exploited, they could allow unauthorised users to execute arbitrary code, leading to data breaches, loss of sensitive information, and disruption of business operations. The potential for such attacks highlights the importance of maintaining up-to-date security measures and being vigilant against internal threats.

Remediation

For customers using the default recommended updates, no immediate action is required, as they will receive the necessary updates automatically. However, those operating with Fixed Term Support (FTS), Long Term Support (LTS), or older installations must upgrade to the latest versions to mitigate these vulnerabilities.

For new deployments, it is crucial to replace any installer copies with those downloaded from Sophos Central after March 6, 2025. Unfortunately, there are no workarounds available for these vulnerabilities, making timely updates essential.
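The version check described above, as an added example that is not from Sophos or the original article: a Python audit that compares an asset inventory against the fixed versions listed in this post. The CSV column names, component labels and sample rows are constructed assumptions; adapt them to whatever your inventory export actually contains.

```python
import csv
import io

# Fixed versions and CVE ids as listed in this article, keyed by component.
# The component labels are assumed names for the inventory export.
FIXED = {
    "Core Agent": ("2024.3.2", "CVE-2024-13972"),
    "Device Encryption": ("2025.1", "CVE-2025-7433"),
    "Installer": ("1.22", "CVE-2025-7472"),
}

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = """
host,component,version
ws-001,Core Agent,2024.3.1
ws-001,Device Encryption,2025.1
ws-002,Core Agent,2024.3.2.23
srv-lts-01,Core Agent,2023.2.4
srv-lts-01,Device Encryption,2024.2
build-01,Installer,1.21
build-02,Installer,1.22
ws-003,Core Agent,unknown
"""

def parse_version(text):
    """Turn '2024.3.2' into (2024, 3, 2); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def is_older(installed, fixed):
    """Numeric, zero-padded comparison so 1.3 < 1.22 and 2025.1 == 2025.1.0."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def audit(inventory_csv):
    """Return (host, component, version, cve) for rows below the fixed version."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv.strip())):
        component = row["component"].strip()
        if component not in FIXED:
            continue
        fixed, cve = FIXED[component]
        try:
            if is_older(row["version"], fixed):
                findings.append((row["host"], component, row["version"], cve))
        except ValueError:
            # An unreadable version is reported for manual review, not skipped.
            findings.append((row["host"], component, row["version"], "UNPARSEABLE"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="\t")
```

Rows whose version cannot be parsed are reported rather than dropped, since a host with an unknown version cannot be assumed patched.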

Closing

In light of these vulnerabilities, it is imperative for businesses to assess their current Sophos installations and ensure they are operating on the latest versions. Staying proactive in your cybersecurity measures is vital to safeguarding your organisation against potential threats. For further assistance or to discuss your security needs, please contact us at Globelink UK.