Sophos has disclosed three critical security vulnerabilities in its Intercept X for Windows endpoint security solution that could allow attackers to execute arbitrary code and gain system-level privileges on affected systems.
The vulnerabilities, designated CVE-2024-13972, CVE-2025-7433, and CVE-2025-7472, all carry high severity ratings and affect different components of the security software including the updater, Device Encryption module, and installer.
https://gbhackers.com/sophos-intercept- ... ows-flaws/