Sophos has fixed three critical vulnerabilities in its Firewall product.The vulnerabilities allowed for SQL injection, privileged SSH access, and remote code execution.The vulnerabilities affected Sophos Firewall v21.0 GA and older versions.Sophos recommends specific mitigations to address the vulnerabilities.