Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN602
_____________________________________________________________________

DATE                : 11/09/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Sophos AP6 Series Wireless Access
                      Points firmware prior version 1.7.2563 (MR7).

=====================================================================
https://www.sophos.com/fr-fr/security-advisories/sophos-sa-20250909-ap6
_____________________________________________________________________

Resolved Authentication Bypass Vulnerability in Sophos AP6 Series
Wireless Access Points Firmware (CVE-2025-10159)


Critical

CVE
CVE-2025-10159

Updated: 2025 Sep 9

Produit(s)
Sophos Wireless

ID de la publication sophos-sa-20250909-ap6

Version de l’article 1

Première publication 2025 Sep 9

Solution No


Overview

Sophos has fixed an authentication bypass vulnerability in Sophos
AP6 Series Wireless Access Points allowing attackers able to reach
the access point’s management IP address to gain administrator level
privileges. The issue was discovered by Sophos during internal
security testing.

There is no action required for customers using the default updating
policy, as updates are installed automatically by default.

Customers opting out of automatic updates are required to upgrade to
receive this fix. See below for details.

Applies to the following product(s) and version(s)

Sophos AP6 Series Wireless Access Points firmware prior version
1.7.2563 (MR7)


Remediation

    Ensure you are running the latest version of your Sophos AP6
Series Wireless Access Points firmware
    Fix included in AP6 Series Wireless Access Points firmware
version 1.7.2563 (MR7) after 11 August 2025
    Users of older versions of Sophos AP6 Series Wireless Access
Points firmware are required to upgrade to receive the latest
protections, and this fix


Related information

    https://www.cve.org/CVERecord?id=CVE-2025-10159
    https://community.sophos.com/sophoswireless/b/blog/posts/sophos-ap6-series-wireless-update-maintenance-release-mr-7-version-1-7-2563

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================