CVE-2025-10159 · CRITICAL 9.8 · EPSS p52.7%

Description

An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.83% probability of exploitation · percentile 52.7% · 2026-06-19T12:03:05Z
Published: 2025-09-09
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-620

References

  1. https://www.sophos.com/en-us/security-advisories/sophos-sa-20250909-ap6

Type | Target | Confidence | Tier
Weakness | Unverified Password Change (cwe-620) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-52689
CVE: CVE-2025-27129
CVE: Sophos Firewall Authentication Bypass Vulnerability
CVE: CVE-2025-6979
CVE: CVE-2025-52688
CVE: CVE-2025-9994

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.