## https://sploitus.com/exploit?id=SAINT:4A73A5CD7FE341977E86117842CBB67D
Added: 08/27/2021
### Background
[Sophos UTM](<https://www.sophos.com/en-us/products/unified-threat-management.aspx>) is a network security appliance.
### Problem
A vulnerability in the Webadmin interface allows remote attackers to execute arbitrary commands by sending a specially crafted POST request.
### Resolution
Upgrade to Sophos SG UTM v9.511 MR11, v9.607 MR7, or v9.705 MR5 or higher.
### References
<https://community.sophos.com/b/security-blog/posts/advisory-resolved-rce-in-sg-utm-webadmin-cve-2020-25223>
<https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223>
### Limitations
Exploit works on Sophos UTM v9.701 and possibly other versions.
### Platforms
Linux