Local Privilege Escalation in Sophos Intercept X for Windows
CVE-2025-7433

8.8 HIGH

Key Information:

Vendor: Sophos

CVE Published: 17 July 2025

What is CVE-2025-7433?

CVE-2025-7433 is a local privilege escalation vulnerability found in Sophos Intercept X for Windows, specifically affecting versions with Central Device Encryption prior to 2025.1. Sophos Intercept X is a cybersecurity solution designed to provide advanced protection against malware, exploits, and ransomware, securing endpoints within corporate environments. The vulnerability allows an attacker with local access to execute arbitrary code, potentially leading to unauthorized elevation of privileges. This could enable them to manipulate system security settings or gain broader access to sensitive data, significantly jeopardizing the overall integrity and security of an organization’s IT infrastructure.

Potential impact of CVE-2025-7433

  1. Unauthorized Access and Control: Exploiting this vulnerability could allow malicious actors to gain elevated privileges, facilitating remote access or control over compromised systems, which may lead to further exploitation and data breaches.

  2. Compromise of Sensitive Data: With elevated permissions, attackers could access, modify, or exfiltrate confidential information, including personal data and proprietary business information, leading to severe privacy violations and financial loss.

  3. Increased Risk of Malware Propagation: The ability to execute arbitrary code could allow attackers to deploy additional malware or ransomware within an organization's network, amplifying the impact of the initial breach and increasing recovery and remediation costs.

Affected Version(s)

Sophos Intercept X for Windows (platform: Windows), versions before 2025.1

News Articles

Sophos Intercept X for Windows Vulnerabilities Allow Arbitrary Code Execution

Identified as CVE-2024-13972, CVE-2025-7433, and CVE-2025-7472, each flaw could allow a low-privileged user to gain SYSTEM-level rights on a compromised host.

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • First article discovered by Cyber Press

  • Vulnerability published

  • Vulnerability Reserved

Credit

Sina Kheirkhah (@SinSinology) of watchTowr (https://watchtowr.com)