CVE-2025-7433 | THREATINT

Description

A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution.

PUBLISHED Reserved 2025-07-10 | Published 2025-07-17 | Updated 2025-07-17 | Assigner Sophos

HIGH: 8.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

Default status

unaffected

Any version before 2025.1

affected

Credits

Sina Kheirkhah (@SinSinology) of watchTowr (https://watchtowr.com) finder

References

www.sophos.com/...rity-advisories/sophos-sa-20250717-cix-lpe

cve.org (CVE-2025-7433)

nvd.nist.gov (CVE-2025-7433)

Download JSON