CVE-2025-8679
BaseFortify
Publication date: 2025-10-01
Last updated on: 2025-10-02
Assigner: ExtremeNetworks
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| extreme_networks | extremecloud_iq_essentials | * |
| extreme_networks | extremeguest_essentials | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-307 | The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in ExtremeGuest Essentials before version 25.5.0, where the captive-portal may allow unauthorized access through a manual brute-force procedure. Specifically, under certain captive-portal SSID configurations, repeated manual login attempts can cause an unauthenticated device to be incorrectly marked as authenticated, granting it network access. Additionally, Client360 logs may show the client MAC address as the username even though MAC-authentication is not enabled.
How can this vulnerability impact me?
This vulnerability can allow unauthorized devices to gain network access without proper authentication, potentially exposing the network to unauthorized users. This could lead to security breaches, data exposure, or misuse of network resources.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring Client360 logs for unusual entries where the client MAC address appears as the username despite no MAC-authentication being enabled. This indicates possible unauthorized access via brute-force attempts on the captive-portal. Specific commands are not provided in the available information.
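The log check described above can be scripted; the following is an added example, not code from the vendor or from this page. It assumes client-session records exported as CSV with hypothetical column names (`client_mac`, `username`, `ssid`, `auth_state`) and an assumed inventory of SSIDs where MAC authentication is intentionally enabled.

```python
import csv
import io
import re

# Constructed sample of an exported client-session log. The column names
# (client_mac, username, ssid, auth_state) are assumptions for illustration;
# map them to the fields your Client360 export actually contains.
SAMPLE_CSV = """client_mac,username,ssid,auth_state
AA:BB:CC:11:22:33,guest-4821,Guest-Portal,authenticated
de:ad:be:ef:00:01,DE-AD-BE-EF-00-01,Guest-Portal,authenticated
0011.2233.4455,001122334455,IoT-MAB,authenticated
66:77:88:99:aa:bb,66:77:88:99:AA:BB,Guest-Portal,unauthenticated
"""

# SSIDs where MAC authentication is deliberately enabled (assumed inventory);
# a MAC-shaped username is expected there and is not reported.
MAC_AUTH_SSIDS = {"IoT-MAB"}

_SEPARATORS = re.compile(r"[:\-.\s]")
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(value):
    """Return 12 lowercase hex digits if value is a MAC in any common
    notation (colon, hyphen, dotted, bare), otherwise None."""
    stripped = _SEPARATORS.sub("", value.strip().lower())
    return stripped if _HEX12.fullmatch(stripped) else None


def find_suspect_sessions(csv_text, mac_auth_ssids=MAC_AUTH_SSIDS):
    """Return rows where an authenticated client's username is its own MAC
    on an SSID that does not use MAC authentication."""
    suspects = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["auth_state"].lower() != "authenticated":
            continue  # only sessions that were granted access matter here
        if row["ssid"] in mac_auth_ssids:
            continue  # MAC-as-username is legitimate on MAC-auth SSIDs
        user_mac = normalize_mac(row["username"])
        if user_mac is not None and user_mac == normalize_mac(row["client_mac"]):
            suspects.append(row)
    return suspects


if __name__ == "__main__":
    for hit in find_suspect_sessions(SAMPLE_CSV):
        print(f"review: {hit['client_mac']} on {hit['ssid']} logged as {hit['username']}")
```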
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps are not detailed in the provided information. However, reviewing and adjusting captive-portal SSID configurations to prevent repeated manual login attempts and monitoring Client360 logs for suspicious activity may help reduce risk until a patch or update is applied.