CVE-2025-63292
BaseFortify
Publication date: 2025-11-17
Last updated on: 2026-02-04
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freebox | v5_hd_firmware | to 1.7.20 (exc) |
| freebox | v5_crystal_firmware | to 1.7.20 (exc) |
| freebox | v6_revolution_firmware | to 4.7.0 (exc) |
| freebox | mini_4k_firmware | to 4.7.0 (exc) |
| freebox | one_firmware | to 4.7.0 (exc) |
| free | freebox_v5_hd | 1.7.20 |
| free | freebox_v5_crystal | 1.7.20 |
| free | freebox_v6_révolution | 4.7 |
| free | freebox_one | 4.7 |
| free | freebox_mini_4k | 4.7 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-319 | The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves certain Freebox devices exposing subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM authentication over the 'FreeWifi_secure' network. Specifically, during the EAP-Response/Identity exchange, the subscriber's full Network Access Identifier (NAI), which contains the raw IMSI, is transmitted without any encryption, tunneling, or pseudonymization. An attacker within Wi-Fi range (~100 meters) can passively capture these frames without needing user interaction or elevated privileges.
How can this vulnerability impact me?
The exposure of the IMSI allows an attacker to track the device, correlate subscriber activity, and monitor the user's presence over time near any broadcasting Freebox device. This can lead to privacy breaches such as long-term monitoring and tracking of the subscriber without their knowledge or consent.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by passively capturing Wi-Fi traffic on the 'FreeWifi_secure' network and inspecting the EAP-Response/Identity frames for plaintext IMSI identifiers embedded in the Network Access Identifier (NAI). Tools like Wireshark or tcpdump can be used to capture and analyze these frames within Wi-Fi range (~100 meters). Specific commands include using tcpdump to capture the EAPOL frames (EtherType 0x888E) that carry the EAP exchange, for example: 'tcpdump -i wlan0 -s 0 -w capture.pcap ether proto 0x888e'. Then, analyze the capture with Wireshark to look for EAP-Response/Identity frames containing the IMSI in plaintext.
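The inspection step above can be automated. The following is an added example, not code from this page, BaseFortify or the vendor: a Python check for EAPOL payloads already extracted from a capture of your own network, which flags EAP-Response/Identity frames whose NAI has the RFC 4186 permanent-identity form ("1" followed by the IMSI) and masks the subscriber digits in its output. The function names are hypothetical, and the sample frames, test IMSI and realm are constructed.

```python
import re
import struct

# RFC 4186: an EAP-SIM permanent username is "1" followed by the IMSI (up to 15 digits).
# Pseudonyms and fast re-authentication identities are server-chosen and should not match.
PERMANENT_ID = re.compile(r"^1(\d{6,15})@(.+)$")

def eap_identity(eapol: bytes):
    """Identity string of an EAPOL-wrapped EAP-Response/Identity, else None."""
    if len(eapol) < 9:
        return None                      # too short for EAPOL + EAP headers
    _ver, ptype, _plen = struct.unpack("!BBH", eapol[:4])
    code, _id, length, etype = struct.unpack("!BBHB", eapol[4:9])
    if ptype != 0 or code != 2 or etype != 1:
        return None                      # not EAP-Packet / Response / Identity
    if length < 5 or 4 + length > len(eapol):
        return None                      # malformed or truncated frame
    return eapol[9:4 + length].decode("utf-8", "replace")

def classify(eapol: bytes):
    """None for other frames; otherwise a finding with the IMSI masked."""
    ident = eap_identity(eapol)
    if ident is None:
        return None
    m = PERMANENT_ID.match(ident)
    if m is None:
        return {"exposed": False, "identity": "<no permanent identity>"}
    imsi, realm = m.groups()
    masked = imsi[:5] + "*" * (len(imsi) - 5)   # keep only the network prefix
    return {"exposed": True, "identity": f"1{masked}@{realm}"}

def build(identity: str) -> bytes:
    """Constructed sample: EAPOL header + EAP-Response/Identity."""
    body = identity.encode()
    eap = struct.pack("!BBHB", 2, 1, 5 + len(body), 1) + body
    return struct.pack("!BBH", 1, 0, len(eap)) + eap

REALM = "wlan.mnc001.mcc001.3gppnetwork.org"   # constructed, test PLMN 001/01
SAMPLES = [
    build("1001010123456789@" + REALM),         # permanent identity (test IMSI)
    build("2kZp9Qx7Lm@" + REALM),               # constructed pseudonym-style identity
    struct.pack("!BBH", 1, 1, 0),               # EAPOL-Start, no EAP payload
]

if __name__ == "__main__":
    for frame in SAMPLES:
        print(classify(frame))
```

Masking the digits after the network prefix keeps the audit report from becoming a second copy of the identifiers it is meant to find.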
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include disabling or avoiding use of the 'FreeWifi_secure' network service, as it exposes IMSI identifiers in plaintext. Since the vendor plans to fully deactivate this service by 1 October 2025, users should switch to alternative secure Wi-Fi networks that do not expose IMSI information. Additionally, limiting physical proximity to the vulnerable Freebox devices or using VPNs over Wi-Fi may reduce exposure.