Source: Ministry of education information & communication security contingency platform
"" "" "" ""
| Publication Number | TACERT-ANA-2025091208091212 | Publication Time | 2025/09/12 08:23 |
| Incident Type | ANA-Vulnerability Alert | Discovery Time | 2025/09/12 08:23 |
| Impact Level | Low | ||
| [Subject] 【Vulnerability Alert】A critical security vulnerability (CVE-2025-10159) has been identified in Sophos AP6 Series wireless access points. |
|||
| [Content] Forwarded from TWCERTCC-200-202509-00000005 Sophos has issued a critical security advisory for its AP6 Series wireless access points (CVE-2025-10159, CVSS: 9.8). This is an authentication bypass vulnerability that allows attackers to access the management IP address of the access point and gain administrator privileges. Note: Users with the default automatic update policy do not need to take any action. If automatic updates have been disabled, please perform a manual upgrade to fix this security vulnerability. Information Sharing Level: WHITE (Information content can be publicly disclosed) |
|||
| [Affected Platform] AP6 Series wireless access point firmware versions prior to 1.7.2563. |
|||
| [Recommended Actions] Update AP6 Series wireless access point firmware to version 1.7.2563 or later. |
|||
|
[Reference] 2. CVE-2025-10159 https://www.cve.org/CVERecord?id=CVE-2025-10159 |
|||