3.5
CVE-2025-63292
- EPSS 0.01%
- Veröffentlicht 17.11.2025 00:00:00
- Zuletzt bearbeitet 04.02.2026 20:50:13
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginFreebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 Révolution r1–r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), and Freebox One (firmware = 4.7.x) were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM authentication over the `FreeWifi_secure` network. During the EAP-Response/Identity exchange, the subscriber's full Network Access Identifier (NAI), which embeds the raw IMSI, is transmitted without encryption, tunneling, or pseudonymization. An attacker located within Wi-Fi range (~100 meters) can passively capture these frames without requiring user interaction or elevated privileges. The disclosed IMSI enables device tracking, subscriber correlation, and long-term monitoring of user presence near any broadcasting Freebox device. The vendor acknowledged the vulnerability, and the `FreeWifi_secure` service is planned for full deactivation by 1 October 2025.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Freebox ≫ V5 Hd Firmware Version <= 1.7.20
Freebox ≫ V5 Crystal Firmware Version <= 1.7.20
Freebox ≫ V6 Revolution Firmware Version <= 4.7.0
Freebox ≫ Mini 4k Firmware Version <= 4.7.0
Freebox ≫ One Firmware Version <= 4.7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.005 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 3.5 | 2.1 | 1.4 |
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
|
CWE-319 Cleartext Transmission of Sensitive Information
The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.