Critical Alert 1 Active Exploit Detected Today

CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability →
Powered by CVE Watchtower
×
June 13, 2026

CVE Watchtower


← Back to CVE List

CVE-2025-7382NVD

Vulnerability Summary

A command injection vulnerability in WebAdmin of Sophos Firewall versions older than 21.0 MR2 (21.0.2)Β can lead to adjacent attackers achieving pre-auth code execution on High Availability (HA) auxiliary devices, if OTP authentication for the admin user is enabled.
Severity Level
HIGH(8.8)
Published Date
Jul 21, 2025
Last Modified
Jul 22, 2025
Exploitation Status
????
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
CWE-78: OS Command Injection β†—
The software constructs all or part of an OS command using externally-influenced input, but does not properly neutralize special elements.
CVSS v3.1 Base Metrics
Attack VectorAdjacent
Attack ComplexityLow
Privileges RequiredNone
User InteractionNone
ScopeUnchanged
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh

External References