3.7

CVE-2025-24912

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
W1.FiHostapd Version <= 2.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.72% 0.489
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
vultures@jpcert.or.jp 3.7 2.2 1.4
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-826 Premature Release of Resource During Expected Lifetime

The product releases a resource that is still intended to be used by itself or another actor.

https://w1.fi/hostapd/
Product
https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44
Patch
https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109
Patch
https://jvn.jp/en/jp/JVN19358384/
Third Party Advisory