CVE-2025-63292 is a vulnerability identified in several Freebox models, including Freebox v5 HD, v5 Crystal, v6 Révolution (r1–r3), Mini 4K, and Freebox One, running specific firmware versions (1.7.20 for v5 models and 4.7.x for others). The issue arises during the initial phase of EAP-SIM authentication over the FreeWifi_secure network, where the subscriber’s IMSI (International Mobile Subscriber Identity) is transmitted in plaintext embedded within the Network Access Identifier (NAI) during the EAP-Response/Identity exchange. This transmission lacks encryption, tunneling, or pseudonymization, violating confidentiality principles. An attacker within approximately 100 meters can passively capture these frames without requiring elevated privileges or user interaction, enabling them to obtain the IMSI. The IMSI is a unique identifier that can be used for device tracking, correlating subscriber activity, and long-term monitoring of user presence near any broadcasting Freebox device. The vulnerability is classified under CWE-319 (Cleartext Transmission of Sensitive Information). The vendor has acknowledged the issue and plans to fully deactivate the FreeWifi_secure service by October 1, 2025, as a remediation step. The CVSS v3.1 score is 3.5 (low severity), reflecting limited confidentiality impact and no impact on integrity or availability, with attack vector being adjacent network, no privileges required, and user interaction needed. No known exploits are currently in the wild.

For European organizations, particularly those in France where Freebox devices are widely used, this vulnerability poses a privacy risk rather than a direct threat to network security or system integrity. The exposure of IMSI in plaintext allows attackers to passively track and correlate subscriber presence and movement over time, potentially enabling profiling or surveillance of individuals. This could be exploited by malicious actors interested in physical tracking or targeted reconnaissance. While the vulnerability does not allow direct compromise of devices or networks, the loss of subscriber privacy could have regulatory implications under GDPR and damage user trust. Organizations relying on Freebox devices for Wi-Fi access should be aware of the potential for passive IMSI interception in public or semi-public environments. The risk is lower for organizations outside France due to limited Freebox deployment. Since the vulnerability requires proximity and passive sniffing, it is less likely to be exploited remotely or at scale but remains a concern for privacy-sensitive environments.

1. Disable or avoid using the FreeWifi_secure network on affected Freebox devices until the vendor deactivates the service by October 2025. 2. Encourage users to connect via alternative secure Wi-Fi networks that do not expose IMSI or use stronger authentication methods. 3. Monitor Wi-Fi environments for unauthorized passive sniffing devices or unusual reconnaissance activity near organizational premises. 4. Educate users about the privacy risks of connecting to FreeWifi_secure and recommend disabling automatic connections to this network. 5. For organizations managing Freebox devices, consider firmware updates if available or network segmentation to limit exposure. 6. Implement network access controls and logging to detect anomalous authentication attempts or repeated identity exchanges. 7. Engage with the vendor for updates on remediation timelines and potential patches. 8. Review privacy policies and compliance measures to address potential GDPR concerns related to IMSI exposure.