CVE-2025-10159

CRITICAL

Sophos AP6 - Privilege Escalation

Title source: llm

Description

An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).

References (1)

Scores

CVSS v3 9.8
EPSS 0.0008
EPSS Percentile 23.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-620
Status draft

Timeline

Published Sep 09, 2025
Tracked Since Feb 18, 2026