Critical Sophos Firewall vulnerability allows remote code execution
Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution. According to the Sophos security advisory, the vulnerability (CVE-2022-3236) is a code injection flaw discovered in the User Portal and Webadmin of Sophos Firewall. Sophos reports that the vulnerability is likely to be exploited in the wild. To address the flaw, Sophos released hotfixes and workarounds.
More information on the vulnerability and the updates is available in the Sophos advisory at sophos.com.
26 September 2022