PatchSiren

PatchSiren cyber security CVE debrief

CVE-2020-29574 Sophos CVE debrief

CVE-2020-29574 is a SQL injection vulnerability in Sophos CyberoamOS (CROS). CISA added it to the Known Exploited Vulnerabilities catalog on 2025-02-06 and states the impacted product is end-of-life/end-of-service, so any remaining use should be treated as a high-priority retirement or migration issue.

Vendor: Sophos
Product: CyberoamOS
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2025-02-06
Original CVE updated: 2025-02-06
Advisory published: 2025-02-06
Advisory updated: 2025-02-06

Who should care

Organizations still operating Sophos CyberoamOS/CROS, especially security teams, network administrators, vulnerability managers, and incident responders responsible for legacy perimeter or gateway appliances.

Technical summary

The supplied corpus identifies the issue as a SQL injection vulnerability in Sophos CyberoamOS (CROS). CISA’s KEV entry indicates the vulnerability is known to be exploited and notes that the impacted product is end-of-life/end-of-service. The supplied materials do not provide affected version ranges, patch availability, or remediation specifics beyond discontinuing use of the product.

Defensive priority

Immediate

Recommended defensive actions

  • Inventory all Sophos CyberoamOS/CROS deployments and confirm whether any instances are still in service.
  • Prioritize migration, replacement, or decommissioning because CISA notes the product is end-of-life/end-of-service.
  • If temporary continued use is unavoidable, restrict exposure and segment the system as tightly as possible until it is removed.
  • Review vendor and CISA guidance for any available transition path and ensure the asset is tracked in vulnerability and lifecycle management records.
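As an added example (not PatchSiren's, Sophos's or CISA's code), the inventory step above can be automated by reconciling a CMDB-style asset list against KEV records. The KEV record and inventory rows below are constructed for the example; the field names follow CISA's KEV JSON feed, and the `requiredAction` text is an assumption paraphrased from this debrief.

```python
import json
import re

# Constructed sample KEV record using the field names of CISA's KEV JSON feed;
# the values are taken from this debrief, not copied from the live catalog.
KEV_JSON = json.dumps({"vulnerabilities": [{
    "cveID": "CVE-2020-29574",
    "vendorProject": "Sophos",
    "product": "CyberoamOS (CROS)",
    "dateAdded": "2025-02-06",
    "shortDescription": "Sophos CyberoamOS (CROS) contains a SQL injection vulnerability.",
    "requiredAction": "The impacted product is end-of-life/end-of-service and should be discontinued.",
}]})

# Constructed inventory rows, with the inconsistent spellings a real CMDB tends to hold.
INVENTORY = [
    {"host": "gw-branch-01", "vendor": "Sophos", "product": "Cyberoam OS"},
    {"host": "gw-dc-02", "vendor": "sophos", "product": "CROS"},
    {"host": "fw-core-01", "vendor": "ExampleVendor", "product": "Example Firewall"},
]

# Phrases in requiredAction that mean "retire the asset" rather than "patch it".
EOL_MARKERS = ("end-of-life", "end-of-service", "discontinue")


def normalize(text):
    """Lowercase and drop non-alphanumerics so 'Cyberoam OS' equals 'CyberoamOS'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def product_aliases(product):
    """Split a KEV product string such as 'CyberoamOS (CROS)' into its aliases."""
    return {normalize(p) for p in re.split(r"[()/,]", product) if p.strip()}


def match_inventory(kev_text, inventory):
    """Return one finding per inventory asset that matches a KEV vendor/product."""
    findings = []
    for entry in json.loads(kev_text)["vulnerabilities"]:
        vendor = normalize(entry["vendorProject"])
        aliases = product_aliases(entry["product"])
        eol = any(m in entry["requiredAction"].lower() for m in EOL_MARKERS)
        for asset in inventory:
            # Exact alias match after normalization; a production version would
            # also strip version suffixes before comparing.
            if normalize(asset["vendor"]) != vendor or normalize(asset["product"]) not in aliases:
                continue
            findings.append({"host": asset["host"], "cve": entry["cveID"],
                             "priority": "Immediate" if eol else "High",
                             "action": entry["requiredAction"]})
    return findings


if __name__ == "__main__":
    for f in match_inventory(KEV_JSON, INVENTORY):
        print(f"{f['priority']}: {f['host']} matches {f['cve']}: {f['action']}")
```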

Evidence notes

The analysis is based only on the supplied CVE record, CISA KEV metadata, and official links. The corpus supports these facts: the vulnerability is SQL injection in Sophos CyberoamOS (CROS), CISA added CVE-2020-29574 to KEV on 2025-02-06, and CISA notes the impacted product is end-of-life/end-of-service and should be discontinued. No CVSS score, affected version list, or vendor fix details were included in the supplied materials.

Official resources

The supplied timeline shows CVE publication and CISA KEV inclusion on 2025-02-06; the operational takeaway is that CISA treats this as a known exploited vulnerability affecting an end-of-life/end-of-service product.