CVE-2025-10159 is a critical authentication bypass vulnerability affecting Sophos AP6 Series Wireless Access Points running firmware versions older than 1.7.2563 (MR7). The vulnerability is classified under CWE-620, which pertains to unverified password changes. This flaw allows remote attackers to bypass authentication mechanisms entirely, granting them administrative privileges on the affected devices without any prior credentials or user interaction. The vulnerability has a CVSS v3.1 base score of 9.8, indicating a critical severity level with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability (C:H/I:H/A:H). Exploiting this vulnerability enables attackers to fully control the wireless access points, potentially allowing them to manipulate network traffic, intercept sensitive data, deploy further malware, or disrupt wireless network availability. Although no known exploits have been reported in the wild yet, the ease of exploitation and critical impact make this a significant threat. The vulnerability affects all devices running firmware versions prior to 1.7.2563, and Sophos has not yet published official patches or mitigation guidance at the time of this report. Given the nature of wireless access points as critical network infrastructure components, this vulnerability poses a serious risk to network security and operational continuity.

For European organizations, this vulnerability presents a substantial risk due to the widespread use of Sophos AP6 Series Wireless Access Points in enterprise, government, and critical infrastructure networks. Successful exploitation could lead to full compromise of wireless network infrastructure, enabling attackers to intercept confidential communications, manipulate network configurations, and disrupt business operations. This is particularly concerning for sectors handling sensitive data such as finance, healthcare, and public administration. The ability to gain administrative access remotely without authentication means attackers could establish persistent footholds, escalate privileges within internal networks, and potentially pivot to other critical systems. Additionally, the disruption of wireless services could impact operational continuity, especially in organizations relying heavily on wireless connectivity for daily operations. The lack of user interaction and low attack complexity further increase the likelihood of exploitation, making timely mitigation essential to protect European organizations from data breaches, espionage, and service outages.

1. Immediate firmware upgrade: Organizations should prioritize updating all Sophos AP6 Series Wireless Access Points to firmware version 1.7.2563 (MR7) or later as soon as the patch becomes available from Sophos. 2. Network segmentation: Isolate wireless access points from critical network segments to limit the potential impact of a compromised device. 3. Access control: Restrict management interface access to trusted IP addresses and networks only, using firewall rules and network access control lists. 4. Monitoring and logging: Enable detailed logging on wireless access points and network infrastructure to detect unusual administrative access or configuration changes. 5. Incident response readiness: Prepare incident response plans specifically addressing potential wireless infrastructure compromise, including rapid device isolation and forensic analysis. 6. Vendor communication: Maintain close contact with Sophos for updates on patches, advisories, and recommended best practices. 7. Temporary mitigations: If immediate patching is not possible, consider disabling remote management interfaces or restricting them to secure management networks until the vulnerability is remediated.