Warning: Authentication Bypass in Sophos AP6 Series Wireless Access Points, Patch Immediately!

• Last update: 10/09/2025
• Affected software:
  → Sophos AP6 Series Access Points with firmware below 1.7.2563 (MR7)
• Type: CWE-620: Unverified Password Change
• CVE/CVSS
  → CVE-2025-10159: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

Sophos - https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6

Risks

Sophos AP6 Series Wireless Access Points provide secure wireless connectivity for enterprise and business environments. Exploiting CVE-2025-10159 could allow an attacker with network access to the management IP address to bypass authentication and gain administrator-level privileges on the device.

This compromises the confidentiality of network configurations, the integrity of device settings, and the availability of wireless services.

Description

CVE-2025-10159 is an authentication bypass vulnerability that allows an attacker with access to the management IP address of a Sophos AP6 Series Wireless Access Point to gain administrator-level privileges without proper authentication. Devices with automatic updates enabled have already received the fix, while those with manual update settings must upgrade to the latest firmware version.

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

NVD - https://nvd.nist.gov/vuln/detail/CVE-2025-10159