Red Hot Cyber


Sophos fixes vulnerabilities in Intercept X for Windows

Redazione RHC : 18 July 2025 07:41

Sophos has resolved three separate security vulnerabilities in Sophos Intercept X for Windows and its installer. The flaws, tracked as CVE-2024-13972, CVE-2025-7433, and CVE-2025-7472, are rated High severity. All three are local privilege escalation (LPE) issues: each requires an attacker who already has code running as an ordinary local user, and each ends with that user holding SYSTEM privileges. The security bulletin, Release ID sophos-sa-20250717-cix-lpe, was published on July 17, 2025 and lists no workarounds; updating is the only mitigation. The affected products are Sophos Intercept X Endpoint and Intercept X for Server.

The first vulnerability, CVE-2024-13972, is a registry permissions issue in the Intercept X for Windows update process: overly permissive ACLs on registry keys handled during a product update could have allowed a local user to gain SYSTEM privileges while the update ran. Sophos credited Filip Dragovic of MDSec with responsibly reporting the issue.
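The bulletin does not name the affected keys, but the vulnerability class (a privileged component trusting registry keys that non-privileged users can write) is easy to audit for. The following PowerShell script is an added example, not code from Sophos or from this article: it walks a registry hive and reports every Allow ACE that grants write, delete, or ACL-modification rights to a principal other than SYSTEM, Administrators, TrustedInstaller or CREATOR OWNER. The root path HKLM:\SOFTWARE\Sophos is an assumption; point it at whichever hive you want to check.

```powershell
# Added example (not from the Sophos advisory): audit a registry hive for write
# rights granted to non-privileged principals. The keys involved in
# CVE-2024-13972 are not disclosed; the root path below is an assumption.
$Root = 'HKLM:\SOFTWARE\Sophos'   # assumed path, adjust as needed

# Rights that let a caller change keys or values, or rewrite the ACL itself.
$WriteRights = [System.Security.AccessControl.RegistryRights]::SetValue -bor
               [System.Security.AccessControl.RegistryRights]::CreateSubKey -bor
               [System.Security.AccessControl.RegistryRights]::Delete -bor
               [System.Security.AccessControl.RegistryRights]::ChangePermissions -bor
               [System.Security.AccessControl.RegistryRights]::TakeOwnership -bor
               [System.Security.AccessControl.RegistryRights]::FullControl

# Principals expected to hold write rights on machine-wide keys.
$Trusted = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller',
    'CREATOR OWNER'
)

function Test-WeakRegistryAcl {
    param([Parameter(Mandatory)][string]$Path)

    # Include the root key itself as well as every subkey beneath it.
    $keys = @(Get-Item -Path $Path -ErrorAction SilentlyContinue) +
            @(Get-ChildItem -Path $Path -Recurse -ErrorAction SilentlyContinue)

    foreach ($key in $keys) {
        $acl = Get-Acl -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $acl) { continue }

        foreach ($ace in $acl.Access) {
            # Only Allow entries widen access; Deny entries narrow it.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($Trusted -contains $ace.IdentityReference.Value) { continue }

            # Read-only ACEs (QueryValues, EnumerateSubKeys, Notify,
            # ReadPermissions) carry none of the write bits and are skipped.
            if (($ace.RegistryRights -band $WriteRights) -ne 0) {
                [pscustomobject]@{
                    Key       = $key.Name
                    Principal = $ace.IdentityReference.Value
                    Rights    = $ace.RegistryRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

# Run from an elevated prompt so every subkey can be enumerated.
Test-WeakRegistryAcl -Path $Root | Format-Table -AutoSize
```

A hit for BUILTIN\Users, NT AUTHORITY\Authenticated Users or Everyone is the pattern worth investigating, particularly on keys a SYSTEM-level updater reads paths or command lines from. An empty result only shows that the hive's ACLs are sound at the time of the scan; it does not prove the product is patched, so still confirm the installed version in Sophos Central.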

The second vulnerability, CVE-2025-7433, is a local privilege escalation flaw in the Device Encryption component of Sophos Intercept X for Windows that could have allowed arbitrary code execution with elevated privileges. Sophos credited Sina Kheirkhah (@SinSinology) of watchTowr with the responsible report.

Finally, CVE-2025-7472 is a local privilege escalation vulnerability in the Intercept X installer for Windows. If the installer is run as SYSTEM, a local user could gain SYSTEM privileges.

This vulnerability was reported to Sophos through its bug bounty program, and Sophos credited Sandro Poppi with the responsible report. Customers who still deploy endpoints and servers with a previously downloaded installer should discard it and fetch the latest installer from Sophos Central: the product's automatic updates patch installed agents, not installer packages that have already been saved for reuse.

For most customers, no manual action is required. Customers on the default update policy automatically receive the recommended packages, so the fixes for these vulnerabilities are installed without user intervention.

Customers using Fixed Term Support (FTS) or Long Term Support (LTS) packages, however, must take action: those channels do not pick up the fixed builds on their own, so these customers must explicitly update to a fixed package to have the patches applied.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
