CVE-2020-29574 is a SQL injection vulnerability in Sophos CyberoamOS (CROS). CISA added it to the Known Exploited Vulnerabilities catalog on 2025-02-06 and states the impacted product is end-of-life/end-of-service, so any remaining use should be treated as a high-priority retirement or migration issue.
CVE-2020-15069 is a Sophos XG Firewall buffer overflow vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2025-02-06. Because it is in KEV, defenders should treat it as actively exploited and prioritize remediation using Sophos guidance or stop using the product if mitigations are not available.
