Volver a la vista general de avisos de seguridad
Critical
CVE
CVE-2025-10159
Updated:
Producto(s)
Sophos Wireless
ID de publicación
sophos-sa-20250909-ap6
Versión de artículo
1
Primera publicación
Solución
No
Overview
Sophos has fixed an authentication bypass vulnerability in Sophos AP6 Series Wireless Access Points allowing attackers able to reach the access point’s management IP address to gain administrator level privileges. The issue was discovered by Sophos during internal security testing.
There is no action required for customers using the default updating policy, as updates are installed automatically by default.
Customers opting out of automatic updates are required to upgrade to receive this fix. See below for details.
Applies to the following product(s) and version(s)
Sophos AP6 Series Wireless Access Points firmware prior version 1.7.2563 (MR7)
Remediation
- Ensure you are running the latest version of your Sophos AP6 Series Wireless Access Points firmware
- Fix included in AP6 Series Wireless Access Points firmware version 1.7.2563 (MR7) after 11 August 2025
- Users of older versions of Sophos AP6 Series Wireless Access Points firmware are required to upgrade to receive the latest protections, and this fix
Related information
- https://www.cve.org/CVERecord?id=CVE-2025-10159
- https://community.sophos.com/sophoswireless/b/blog/posts/sophos-ap6-series-wireless-update-maintenance-release-mr-7-version-1-7-2563