セキュリティ勧告の概要に戻る
Critical
CVE
CVE-2025-10159
Updated:
製品
Sophos Wireless
文章 ID
sophos-sa-20250909-ap6
文章のバージョン
1
公開日
対処策
No
Overview
Sophos has fixed an authentication bypass vulnerability in Sophos AP6 Series Wireless Access Points allowing attackers able to reach the access point’s management IP address to gain administrator level privileges. The issue was discovered by Sophos during internal security testing.
There is no action required for customers using the default updating policy, as updates are installed automatically by default.
Customers opting out of automatic updates are required to upgrade to receive this fix. See below for details.
Applies to the following product(s) and version(s)
Sophos AP6 Series Wireless Access Points firmware prior version 1.7.2563 (MR7)
Remediation
- Ensure you are running the latest version of your Sophos AP6 Series Wireless Access Points firmware
- Fix included in AP6 Series Wireless Access Points firmware version 1.7.2563 (MR7) after 11 August 2025
- Users of older versions of Sophos AP6 Series Wireless Access Points firmware are required to upgrade to receive the latest protections, and this fix
Related information
- https://www.cve.org/CVERecord?id=CVE-2025-10159
- https://community.sophos.com/sophoswireless/b/blog/posts/sophos-ap6-series-wireless-update-maintenance-release-mr-7-version-1-7-2563