CRITICAL🇵🇱 Wersja polska

CVE-2025-10159

CVSS 9.8v3.1pub. 2025-09-09upd. 2026-04-15

An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).

🤖 AI Analysis
How it works

The vulnerability classified as CWE-620 (Unverified Password Change) allows an attacker to bypass the identity verification mechanisms built into the device software. A remote attacker, without authentication and without any user interaction, can obtain full administrative privileges on the device. The network attack vector (AV:N) combined with low attack complexity (AC:L) and no privilege requirements (PR:N) means that the exploit is trivial to execute from anywhere on the network.

Impact

An attacker gains full administrative control over the access point, allowing them to modify wireless network configuration, intercept network traffic, create backdoors, and potentially leverage the device as a pivot point for further lateral movement within the network.

Mitigation & patch

Update the firmware of Sophos AP6 Series devices as soon as possible to version 1.7.2563 (MR7) or newer. Detailed instructions are available in the official security advisory from the vendor: https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6

Who is affected

Sophos AP6 Series Wireless Access Points with firmware older than version 1.7.2563 (MR7)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References