CVE-2025-52689

Summary

Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point.

Affected Software

VendorProductVersion RangeStatus
Alcatel-LucentOmniAccess Stellar ProductsAP1100 AWOS versions 5.0.2 GA and earlieraffected
Alcatel-LucentOmniAccess Stellar ProductsAP1200 AWOS versions 5.0.2 GA and earlieraffected
Alcatel-LucentOmniAccess Stellar ProductsAP1300 AWOS versions 5.0.2 GA and earlieraffected
Alcatel-LucentOmniAccess Stellar ProductsAP1400 AWOS versions 5.0.2 GA and earlieraffected
Alcatel-LucentOmniAccess Stellar ProductsAP1500 AWOS versions 5.0.2 GA and earlieraffected

Weaknesses

  • CWE-384: CWE-384 Session Fixation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

Additional References

References