CVE-2025-10159: CWE-620 Unverified Password Change in Sophos AP6 Series Wireless Access Points
An authentication bypass vulnerability allows remote attackers to gain administrative privileges on Sophos AP6 Series Wireless Access Points older than firmware version 1.7.2563 (MR7).
AI Analysis
Technical Summary
CVE-2025-10159 is a critical authentication bypass vulnerability identified in Sophos AP6 Series Wireless Access Points running firmware versions older than 1.7.2563 (MR7). The vulnerability is classified under CWE-620, which pertains to unverified password changes. This flaw allows remote attackers to bypass authentication mechanisms entirely, granting them administrative privileges on the affected devices without any prior authentication or user interaction. The vulnerability has a CVSS v3.1 base score of 9.8, indicating a critical severity level. The attack vector is network-based (AV:N), requiring no privileges (PR:N) and no user interaction (UI:N), making exploitation straightforward for an attacker with network access to the device. Successful exploitation compromises the confidentiality, integrity, and availability of the wireless access point, enabling attackers to control device configurations, intercept or manipulate network traffic, and potentially pivot to other internal network resources. Given that Sophos AP6 Series devices are commonly deployed in enterprise and organizational environments for wireless connectivity, this vulnerability poses a significant risk to network security and operational continuity. No known exploits are currently reported in the wild, but the critical nature and ease of exploitation necessitate immediate attention and remediation by affected users.
Potential Impact
For European organizations, the impact of this vulnerability is substantial. Wireless access points serve as critical infrastructure components, providing network access to employees, guests, and IoT devices. An attacker gaining administrative access can alter network configurations, disable security controls, or create backdoors, leading to unauthorized data access or disruption of network services. This can result in data breaches involving sensitive personal or corporate information, violating GDPR and other data protection regulations prevalent in Europe, potentially leading to legal penalties and reputational damage. Additionally, compromised access points can be leveraged as entry points for lateral movement within corporate networks, increasing the risk of broader cyberattacks such as ransomware or espionage. The availability of the wireless network may also be impacted, disrupting business operations and productivity. Organizations in sectors with high regulatory scrutiny, such as finance, healthcare, and government, are particularly at risk due to the sensitivity of their data and the criticality of continuous network availability.
Mitigation Recommendations
To mitigate this vulnerability, European organizations using Sophos AP6 Series Wireless Access Points should immediately verify their firmware versions and upgrade all affected devices to version 1.7.2563 (MR7) or later, where the vulnerability is patched. Until the upgrade can be applied, organizations should isolate affected devices from untrusted networks and restrict management interface access to trusted administrative networks only, using network segmentation and access control lists. Network monitoring and intrusion detection systems can help identify suspicious activity targeting wireless infrastructure. Additionally, organizations should enforce multi-factor authentication (MFA) for administrative access where supported and regularly audit device configurations and logs for unauthorized changes. It is also advisable to maintain an inventory of all deployed wireless access points so that mitigation covers every device. Finally, organizations should follow vendor advisories and threat intelligence feeds for any emerging exploit developments or additional patches.
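As an added example (not Sophos tooling and not part of this advisory), the firmware check from the first recommendation applied to a constructed inventory: versions are compared numerically against 1.7.2563, so a 1.10.x build is not mistaken for an older one, and entries that cannot be parsed are set aside for manual review rather than silently treated as fixed.

```python
"""Flag Sophos AP6 access points whose firmware predates the fix for
CVE-2025-10159.  Added example, not Sophos code: the inventory format and
the hostnames/versions in SAMPLE_INVENTORY are constructed for illustration."""
import re
from typing import Optional

# Fixed version from the advisory: 1.7.2563 (MR7) and later are not affected.
FIXED_VERSION = (1, 7, 2563)

# Accept "1.7.2563", "1.7.2563 (MR7)", "v1.7.2563-MR7"; trailing tags are ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[tuple[int, int, int]]:
    """Return (major, minor, build) as integers, or None if unparseable.
    Integer tuples compare numerically, so 1.10.x ranks above 1.7.x; a plain
    string comparison would get that backwards."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, build = (int(g) for g in m.groups())
    return (major, minor, build)


def is_affected(version_text: str) -> Optional[bool]:
    """True if older than the fixed version, False if fixed, None if unknown."""
    v = parse_version(version_text)
    if v is None:
        return None
    return v < FIXED_VERSION


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Split a {hostname: firmware_string} inventory into upgrade / ok / review."""
    out: dict[str, list[str]] = {"upgrade": [], "ok": [], "review": []}
    for host, fw in sorted(inventory.items()):
        status = is_affected(fw)
        bucket = "review" if status is None else ("upgrade" if status else "ok")
        out[bucket].append(host)
    return out


# Constructed sample inventory; hostnames and version strings are illustrative.
SAMPLE_INVENTORY = {
    "ap6-lobby": "1.7.2500 (MR6)",
    "ap6-floor2": "1.7.2563 (MR7)",
    "ap6-lab": "1.10.120",
    "ap6-warehouse": "1.6.3000",
    "ap6-guest": "unknown",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```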
Affected Countries
Germany, United Kingdom, France, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Ireland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Sophos
- Date Reserved: 2025-09-09T12:39:01.231Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68c096a79ed239a66bac6acb
Added to database: 9/9/2025, 9:05:43 PM
Last enriched: 9/17/2025, 12:58:41 AM
Last updated: 10/29/2025, 9:40:12 AM