Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution. According to the Sophos security advisory, this vulnerability (CVE-2024-12727, CVE-2024-12728, CVE-2024-12729) is a code injection vulnerability allowing remote code execution that was discovered in the User Portal and Webadmin of Sophos Firewall.

More information on vulnerabilities and updates is available in Sophos security bulletins – sophos.com