[Security Vulnerability Alert] Sophos' AP6 series wireless access points have a major security vulnerability (CVE-2025-10159)

[Security Vulnerability Alert] Sophos' AP6 series wireless access points have a major security vulnerability (CVE-2025-10159)

2025/9/12 ～ 2026/3/12

View Count：25

Forwarded by Taiwan Computer Network Crisis and Coordination Center (TWCERTCC-200-202509-00000005)

[Description]
Sophos has issued a critical security advisory (CVE-2025-10159, CVSS: 9.8) for its AP6 series wireless access points. This vulnerability, known as an authentication bypass, allows an attacker to gain access to the wireless access point's management IP address and thereby gain administrator privileges.

Note: Users using the default automatic update policy do not need to take any additional action. If automatic updates are disabled, please manually update to address this vulnerability.

[Affected Platforms]
AP6 Series Wireless Access Point Firmware Version 1.7.2563 or Later

[Recommended Action]
Update the AP6 Series Wireless Access Point Firmware to Version 1.7.2563 or Later

[References]
1. Resolved Authentication Bypass Vulnerability in Sophos AP6 Series Wireless Access Points Firmware (CVE-2025-10159) https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6

2. CVE-2025-10159 https://www.cve.org/CVERecord?id=CVE-2025-10159

[Security Vulnerability Alert] Sophos' AP6 series wireless access points have a major security vulnerability (CVE-2025-10159)

2025/9/12 ～ 2026/3/12

View Count：25

Files

None

【Back】