CVE-2025-8679

High CVSS: 7.6

In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated device to be marked as authenticated and obtain network access. Client360 logs may display the client MAC as the username despite no MAC-authentication being enabled.

Vendor

Extremenetworks

Product

Extremeguest Essentials

CWE

CWE-307

Yayın Tarihi

2025-10-01 18:15:46

Güncelleme

2026-01-15 02:17:32

Source Identifier

1c053176-eef3-4d6a-ae0b-24728c86587b

KEV Date Added

Kategoriler

CWE-307 Extremeguest Essentials HIGH Extremenetworks 2025

Referanslar

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000130289

Benzer Kayıtlar

High

CVE-2025-11192

A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on…

Medium

CVE-2025-6235

In ExtremeControl before 25.5.12, a cross-site scripting (XSS) vulnerability was discovered in a login interface of the…

Medium

CVE-2025-6083

In ExtremeCloud Universal ZTNA, a syntax error in the 'searchKeyword' condition caused queries to bypass the owner_id fi…

Medium

CVE-2024-38290

In XIQ-SE before 24.2.11, a server misconfiguration may allow user enumeration when specific conditions are met.

High

CVE-2024-38291

In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege esc…

Critical

CVE-2024-38292

In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which ma…