CVE-2025-10159 in AP6 Wireless Access Points

Summary

by MITRE • 09/10/2025

An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).


Analysis

by VulDB Data Team • 09/10/2025

This vulnerability represents a critical authentication bypass flaw in Sophos AP6 Series Wireless Access Points that affects devices running firmware versions prior to 1.7.2563. The issue stems from insufficient validation of authentication credentials during the administrative access process, allowing remote attackers to bypass the standard authentication mechanism entirely. The vulnerability exists within the web-based management interface of these access points, where the system fails to properly verify user credentials before granting administrative privileges. This flaw enables attackers to assume full administrative control over the affected wireless access points without requiring legitimate credentials or prior access to the network.

The technical implementation of this vulnerability involves a failure in the authentication flow where the system does not adequately validate the session tokens or authentication parameters sent by clients attempting to access the administrative interface. Attackers can exploit this by crafting specific HTTP requests that bypass the normal authentication checks, effectively allowing them to execute administrative commands and modify network configurations. This issue is particularly concerning because it affects wireless infrastructure devices that often serve as critical network entry points and are typically deployed in environments where physical access is limited or controlled. The vulnerability aligns with CWE-287 which addresses improper authentication issues, and maps to ATT&CK technique T1078.004 related to valid accounts and T1021.001 for remote services.

The operational impact of this vulnerability extends beyond simple privilege escalation as it provides attackers with complete control over the wireless access point's configuration, including the ability to modify wireless settings, manage user access, and potentially redirect traffic through the compromised device. Network administrators lose visibility into the wireless infrastructure, and attackers can establish persistent access points or create backdoors within the network. The remote nature of this attack means that threat actors can exploit this vulnerability from anywhere on the internet without requiring physical proximity to the device. This creates a significant risk for organizations that rely on these access points for network access control, as the compromise of a single device can provide unauthorized access to the entire network segment it serves.

Organizations should immediately implement mitigations including firmware updates to version 1.7.2563 or later, which addresses the authentication bypass vulnerability through proper credential validation mechanisms. Network segmentation should be implemented to isolate wireless access points from critical network segments, and access controls should be tightened to restrict administrative access to only trusted IP addresses. Additionally, organizations should deploy network monitoring solutions that can detect anomalous access patterns or unauthorized configuration changes to wireless access points. Regular vulnerability assessments and penetration testing should be conducted to identify similar issues in other network infrastructure components. The remediation process should also include disabling unnecessary administrative services and ensuring that default credentials are changed across all network devices to minimize attack surface. Organizations should also consider implementing network access control solutions that can detect and prevent unauthorized access attempts to network infrastructure devices.
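As an added illustration of two of the mitigation steps above (it is not VulDB's or Sophos's code; the access-log layout, the "/admin" path prefix, the AP names and the sample IP addresses are constructed assumptions), the following Python flags access points still below the fixed firmware version 1.7.2563 and successful management-interface requests that did not originate from a trusted administrative network:

```python
import ipaddress
import re

# First fixed firmware per the advisory (1.7.2563, MR7); anything older is affected.
FIXED_VERSION = (1, 7, 2563)

def parse_version(version):
    """Turn a dotted firmware string such as '1.7.2563' into a comparable int tuple."""
    return tuple(int(part) for part in version.strip().split("."))

def is_vulnerable(firmware):
    """True when the firmware is older than the first fixed release."""
    return parse_version(firmware) < FIXED_VERSION

def aps_needing_upgrade(inventory):
    """inventory maps AP name -> firmware string; returns the names still affected."""
    return sorted(name for name, fw in inventory.items() if is_vulnerable(fw))

# Assumed (constructed) access-log layout: 'client=<ip> path=<url path> status=<code>'.
LOG_RE = re.compile(r"client=(\S+)\s+path=(\S+)\s+status=(\d+)")

def untrusted_admin_access(log_lines, trusted_cidrs, admin_prefix="/admin"):
    """Return (ip, path) pairs for successful management-interface requests that
    did not come from one of the trusted administrative networks."""
    trusted = [ipaddress.ip_network(cidr) for cidr in trusted_cidrs]
    findings = []
    for line in log_lines:
        match = LOG_RE.search(line)
        if not match:
            continue
        ip, path, status = match.group(1), match.group(2), int(match.group(3))
        if not path.startswith(admin_prefix) or status >= 400:
            continue  # not an admin request, or it was rejected anyway
        if not any(ipaddress.ip_address(ip) in net for net in trusted):
            findings.append((ip, path))
    return findings

# Constructed sample data so the checks run stand-alone.
SAMPLE_INVENTORY = {"ap-lobby": "1.7.2100", "ap-lab": "1.7.2563", "ap-warehouse": "1.6.900"}
SAMPLE_LOGS = [
    "client=10.0.0.15 path=/admin/status status=200",
    "client=203.0.113.5 path=/admin/config status=200",
    "client=198.51.100.9 path=/admin/login status=401",
    "client=10.0.0.99 path=/index.html status=200",
]

if __name__ == "__main__":
    print("upgrade needed:", aps_needing_upgrade(SAMPLE_INVENTORY))
    print("untrusted admin access:", untrusted_admin_access(SAMPLE_LOGS, ["10.0.0.0/24"]))
```

A rejected login (status 401) is deliberately not reported here, since the point is to surface administrative access that succeeded from outside the allowlist; failed attempts are better handled by rate-based alerting.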

Responsible: Sophos

Reservation: 09/09/2025

Disclosure: 09/10/2025

Moderation: accepted

CPE: ready

EPSS: 0.00058

KEV: no

Activities: very low
