CVE-2025-24912

Summary

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.

Affected Software

VendorProductVersion RangeStatus
Jouni Malinenhostapd2.11 and earlieraffected

Weaknesses

  • CWE-826: Premature Release of Resource During Expected Lifetime

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References