CVE-2025-52689

CRITICAL

Alcatel-Lucent OmniAccess Stellar Products <= 5.0.2 GA - Unauthenticated Session Fixation via Spoofed Login Request

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-52689. PoCs published by UltimateHG.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2025-52689, an authentication bypass vulnerability in Alcatel-Lucent Enterprise AP1361D Wi-Fi Access Points. The exploit generates a valid session ID by leveraging a timestamp-based signature mechanism and then uses this session to manipulate the client blacklist.

Description

Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point.

Exploits (1)

nomisec WORKING POC
by UltimateHG · poc
https://github.com/UltimateHG/CVE-2025-52689-PoC

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Alcatel-Lucent Enterprise AP1361D Wi-Fi Access Point
No auth needed
Prerequisites: Network access to the target device's web interface · Python environment with required libraries
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 9.8
EPSS 0.1040
EPSS Percentile 95.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE CWE-384
Status published
Products (5)
Alcatel-Lucent/OmniAccess Stellar Products AP1100 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent/OmniAccess Stellar Products AP1200 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent/OmniAccess Stellar Products AP1300 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent/OmniAccess Stellar Products AP1400 AWOS versions 5.0.2 GA and earlier
Alcatel-Lucent/OmniAccess Stellar Products AP1500 AWOS versions 5.0.2 GA and earlier
Published Jul 16, 2025
Tracked Since Feb 18, 2026