CVE-2025-52687: CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Alcatel-Lucent OmniAccess Stellar
Successful exploitation of the vulnerability could allow an attacker with administrator credentials for the access point to inject malicious JavaScript into the payload of web traffic, potentially leading to session hijacking and denial-of-service (DoS).
AI Analysis
Technical Summary
CVE-2025-52687 is a command injection vulnerability classified under CWE-77 affecting Alcatel-Lucent OmniAccess Stellar access points, specifically models AP1100 through AP1500 running AWOS versions 5.0.2 GA and earlier. The vulnerability arises from improper neutralization of special elements used in commands, allowing an attacker with administrator credentials on the access point to inject malicious JavaScript into web traffic payloads. This injection can lead to session hijacking, where an attacker can take over authenticated sessions, and denial-of-service (DoS) conditions by disrupting normal device operation or network traffic. The vulnerability requires high privileges (administrator access) and user interaction to exploit, as indicated by the CVSS vector (AV:N/AC:L/PR:H/UI:R). The CVSS score is low (2.4), reflecting limited impact on confidentiality and availability, with no direct confidentiality loss but some integrity impact. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability affects network infrastructure devices that are critical for wireless connectivity and network management, making it a concern for organizations relying on these access points for secure and stable wireless environments.
Potential Impact
For European organizations, the impact of this vulnerability could be significant in environments where Alcatel-Lucent OmniAccess Stellar access points are deployed, particularly in enterprise, government, and critical infrastructure sectors. Exploitation could allow malicious insiders or attackers who have obtained administrator credentials to compromise session integrity, potentially leading to unauthorized access to network management interfaces or disruption of wireless services. This could degrade network availability and trustworthiness, impacting business operations and sensitive communications. Although the vulnerability requires administrator privileges and user interaction, the potential for session hijacking could facilitate lateral movement or privilege escalation within the network. The lack of patches increases the risk window, especially in environments where timely updates are challenging. Given the reliance on wireless access points for remote work and IoT connectivity, this vulnerability could undermine network security and operational continuity in European organizations.
Mitigation Recommendations
To mitigate this vulnerability effectively, European organizations should:
1) Restrict and tightly control administrator access to OmniAccess Stellar devices, employing strong multi-factor authentication and strict access policies to reduce the risk of credential compromise.
2) Monitor network traffic and device logs for unusual JavaScript payloads or anomalous web traffic patterns indicative of injection attempts.
3) Segment wireless management networks to isolate access points from general user traffic and limit exposure.
4) Implement web application firewalls (WAFs) or intrusion detection/prevention systems (IDS/IPS) capable of detecting command injection patterns in web traffic.
5) Regularly audit and update device firmware and software, and engage with the vendor for timely patch releases or workarounds.
6) Educate administrators on the risks of executing untrusted commands and the importance of secure session handling.
7) Consider deploying compensating controls such as network access control (NAC) to restrict device management access to trusted hosts only.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: CSA
- Date Reserved: 2025-06-19T06:04:41.986Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6877472ea83201eaacd4048a
Added to database: 7/16/2025, 6:31:10 AM
Last enriched: 7/16/2025, 6:46:31 AM
Last updated: 8/15/2025, 2:15:44 AM