CVE-2025-8679 · CRITICAL 9.8 · EPSS p23.9%

Description

In ExtremeGuest Essentials before 25.5.0, the captive portal may permit unauthorized access via a manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated device to be marked as authenticated and obtain network access. Client360 logs may display the client MAC as the username despite no MAC authentication being enabled.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.32% probability of exploitation · percentile 23.9% · 2026-06-19T12:03:05Z
Published: 2025-10-01
Last modified: 2026-01-15

Underlying weaknesses · 1

CWE-307

References

  1. https://extreme-networks.my.site.com/ExtrArticleDetail?an=000130289

Type | Target | Confidence | Tier
Weakness | Improper Restriction of Excessive Authentication Attempts (cwe-307) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-6979
  2. CVE-2025-52689
  3. CVE-2025-40805
  4. CVE-2026-28536
  5. CVE-2025-28202
  6. CVE-2025-27256

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.