CVE-2025-11192: CWE-287 Improper Authentication in Extreme Networks Fabric Engine (VOSS)
A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. Malicious actors may exploit the SD-WAN AutoSense implementation to gain unauthorized access to network fabric and configuration data.
AI Analysis
Technical Summary
CVE-2025-11192 is an improper authentication vulnerability (CWE-287) identified in Extreme Networks Fabric Engine (VOSS) prior to version 9.3. The vulnerability specifically affects the SD-WAN AutoSense feature, which, when enabled on a port, automatically configures fabric connectivity. However, this process fails to validate ISIS (Intermediate System to Intermediate System) authentication settings, a critical security mechanism designed to authenticate routing protocol peers and protect routing information integrity. Due to this lack of validation, a malicious actor can exploit the vulnerability to gain unauthorized access to the network fabric and potentially sensitive configuration data. Exploitation requires no privileges and no user interaction and has low attack complexity (CVSS vector: AV:P/AC:L/PR:N/UI:N); the AV:P component denotes a physical attack vector, so the attacker needs physical access to the affected device or port rather than a remote network path. The vulnerability impacts confidentiality, integrity, and availability at a high level, as unauthorized access to fabric configuration can lead to network manipulation, data interception, or denial of service. Although no public exploits are currently known, the severity and ease of exploitation make this a critical concern for affected organizations. The vulnerability was reserved on 2025-09-30 and published on 2025-10-07, with Extreme Networks recommending upgrading to version 9.3 or later where the issue is resolved.
Potential Impact
For European organizations, this vulnerability poses a significant risk to network security, especially for enterprises and service providers relying on Extreme Networks Fabric Engine for SD-WAN and fabric connectivity. Unauthorized access to the network fabric can lead to interception or manipulation of sensitive data, disruption of network services, and potential lateral movement within the network. Critical infrastructure sectors such as finance, telecommunications, energy, and government agencies that deploy Extreme Networks solutions could face operational disruptions and data breaches. The vulnerability's ability to bypass authentication without user interaction increases the likelihood of automated or stealthy attacks. Given the increasing adoption of SD-WAN technologies in Europe to enhance network agility and security, this vulnerability could undermine trust in network infrastructure and complicate compliance with data protection regulations like GDPR if sensitive data is exposed or network availability is impacted.
Mitigation Recommendations
Organizations should immediately verify if they are running Extreme Networks Fabric Engine (VOSS) versions prior to 9.3 with SD-WAN AutoSense enabled. The primary mitigation is to upgrade to version 9.3 or later, where the vulnerability has been addressed by enforcing proper ISIS authentication validation. Until upgrades can be applied, administrators should consider disabling SD-WAN AutoSense on all ports to prevent automatic fabric connectivity configuration without authentication checks. Additionally, network segmentation and strict access controls should be implemented to limit exposure of management interfaces and fabric components. Monitoring network traffic for unusual ISIS protocol activity and unauthorized configuration changes can help detect exploitation attempts. Regular audits of network device configurations and firmware versions should be conducted to ensure compliance with security policies. Finally, organizations should engage with Extreme Networks support for any available patches or workarounds and stay informed about any emerging exploit reports.
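The first check above (release before 9.3, SD-WAN AutoSense enabled on a port) can be run across an inventory export. The following is an added example, not code from the advisory or from Extreme Networks; the host names, version strings and field names are constructed assumptions.

```python
import re

FIXED_IN = (9, 3)  # advisory: Fabric Engine (VOSS) before 9.3 is affected

# Constructed inventory export; hosts, versions and field names are
# assumptions of this example, not output of any Extreme Networks tool.
INVENTORY = [
    {"host": "edge-sw-01", "version": "9.2.1.0", "sdwan_autosense_ports": ["1/1", "1/2"]},
    {"host": "edge-sw-02", "version": "9.3.0.0", "sdwan_autosense_ports": ["1/1"]},
    {"host": "core-sw-01", "version": "8.10.4.0", "sdwan_autosense_ports": []},
    {"host": "core-sw-02", "version": "9.10.0.0", "sdwan_autosense_ports": ["2/1"]},
    {"host": "lab-sw-01", "version": "", "sdwan_autosense_ports": ["1/5"]},
]

def parse_version(text):
    """Return the dotted version as a tuple of ints, or None if absent."""
    match = re.search(r"\d+(?:\.\d+)+", text or "")
    return tuple(int(part) for part in match.group().split(".")) if match else None

def triage(device):
    """Classify one inventory record against the advisory's two conditions."""
    version = parse_version(device.get("version"))
    ports = device.get("sdwan_autosense_ports") or []
    if version is None:
        return "unknown"         # cannot rule the device out: check by hand
    if version[:2] >= FIXED_IN:  # numeric compare, so 9.10 sorts after 9.3
        return "fixed"
    # Vulnerable release: exposed only where AutoSense is enabled on a port.
    return "exposed" if ports else "upgrade"

def report(inventory):
    """Map each host to its triage result."""
    return {d["host"]: triage(d) for d in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "exposed" are the ones where disabling SD-WAN AutoSense matters until the upgrade lands; "unknown" records need a manual version check before they can be cleared.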
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ExtremeNetworks
- Date Reserved: 2025-09-30T13:38:06.105Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68e566d0a677756fc99d8dba
Added to database: 10/7/2025, 7:15:28 PM
Last enriched: 10/15/2025, 1:05:37 AM
Last updated: 11/23/2025, 7:12:05 PM