CVE-2025-27558

CRITICAL

IEEE P802.11-REVme D1.1-D7.0 - Frame Injection via Non-SSP A-MSDU Handling

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-27558. PoCs published by Atlas-ghostshell.

AI-analyzed exploit summary This repository documents a network anomaly incident related to patching CVE-2025-27558, where an unexpected outbound connection to a misconfigured HTTP mirror was detected. It includes incident details, investigation steps, and resolution but does not contain exploit code.

Description

IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard.

Exploits (1)

nomisec WRITEUP
by Atlas-ghostshell · poc
https://github.com/Atlas-ghostshell/CVE-2025-27558_Patching

This repository documents a network anomaly incident related to patching CVE-2025-27558, where an unexpected outbound connection to a misconfigured HTTP mirror was detected. It includes incident details, investigation steps, and resolution but does not contain exploit code.

Classification
Writeup 100%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Ubuntu (specific version not specified)
No auth needed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.1
EPSS 0.0027
EPSS Percentile 18.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-345
Status published
Published May 21, 2025
Tracked Since Feb 18, 2026