CVE-2025-11192 is an improper authentication vulnerability (CWE-287) identified in Extreme Networks Fabric Engine (VOSS) prior to version 9.3. The vulnerability arises when the SD-WAN AutoSense feature is enabled on a network port. This feature is designed to automatically configure fabric connectivity to simplify network management. However, it fails to validate ISIS (Intermediate System to Intermediate System) authentication settings during this process. ISIS is a routing protocol used in many enterprise and service provider networks to exchange routing information securely. The lack of authentication validation means that an attacker can exploit the AutoSense mechanism to gain unauthorized access to the network fabric, potentially viewing or modifying configuration data. The vulnerability has a CVSS 4.0 base score of 8.4, indicating high severity. The vector shows that exploitation requires physical or local network access (AV:P), but no privileges or user interaction are needed, and the attack complexity is low. The vulnerability impacts confidentiality, integrity, and availability at a high level, with a wide scope affecting the entire network fabric. No public exploits are known yet, but the risk is significant given the critical role of network fabric in enterprise and service provider environments. The vulnerability was reserved on 2025-09-30 and published on 2025-10-07. No patches were linked at the time of publication, but upgrading to version 9.3 or later is expected to remediate the issue.

For European organizations, this vulnerability poses a serious risk to network infrastructure security. Unauthorized access to the network fabric can lead to interception or manipulation of sensitive data, disruption of network services, and potential lateral movement within the network. Enterprises relying on Extreme Networks Fabric Engine for SD-WAN or fabric connectivity may face confidentiality breaches, integrity violations through unauthorized configuration changes, and availability issues if attackers disrupt routing or fabric operations. Critical sectors such as finance, telecommunications, government, and utilities in Europe could experience operational disruptions and data compromise. The vulnerability’s exploitation could undermine trust in network reliability and lead to regulatory and compliance consequences under GDPR and other frameworks. The lack of authentication validation in a core network component increases the attack surface for insider threats or attackers with local network access, which is a common scenario in complex enterprise environments.

Immediate mitigation involves disabling the SD-WAN AutoSense feature on all affected ports to prevent automatic fabric connectivity configuration without authentication validation. Network administrators should audit current configurations to identify enabled AutoSense ports and restrict access to management interfaces. Applying network segmentation and strict access controls to limit local network access can reduce exploitation risk. Monitoring network traffic for unusual ISIS protocol activity or unauthorized configuration changes can help detect attempted exploitation. Organizations should plan to upgrade to Extreme Networks Fabric Engine version 9.3 or later as soon as it becomes available, as this version addresses the vulnerability. Until patches are applied, consider deploying compensating controls such as enhanced network monitoring, multi-factor authentication for network management, and strict physical security to limit attacker access. Vendor communication channels should be monitored for official patches and advisories. Incident response plans should be updated to address potential exploitation scenarios involving network fabric compromise.