Introduction
Remote attackers can gain full administrative control over enterprise Wi-Fi infrastructure when authentication controls fail. CVE-2025-10159 demonstrates this risk in Sophos AP6 Series Wireless Access Points, where a critical flaw allows bypassing authentication entirely on devices running outdated firmware. This vulnerability has a CVSS score of 9.8 and impacts a widely deployed family of Wi-Fi 6 and Wi-Fi 6E access points used in business environments.
About Sophos and the AP6 Series: Sophos is a global cybersecurity vendor with a broad product portfolio including endpoint, firewall, and wireless security. The AP6 Series is their flagship line of enterprise Wi-Fi 6 and Wi-Fi 6E access points, managed via Sophos Central or local interfaces, and deployed in organizations seeking unified security management for wireless networks.
Technical Information
CVE-2025-10159 is an authentication bypass vulnerability classified under CWE-620 (Unverified Password Change). The flaw is present in the management interface of Sophos AP6 Series Wireless Access Points running firmware versions older than 1.7.2563 (MR-7).
The vulnerability allows remote attackers to send crafted requests to the access point's web management interface or associated API endpoints. Due to insufficient verification of password change or authentication operations, attackers can bypass credential checks and set a new administrative password or otherwise gain administrative access. This does not require physical access or prior authentication.
Once administrative access is obtained, attackers can:
- Change wireless network configurations
- Intercept or redirect wireless traffic
- Deploy rogue SSIDs or backdoors
- Disable security features or monitoring
The root cause is a failure to properly validate the identity of users performing sensitive operations in the management interface, specifically related to password changes (CWE-620). No code snippets or further exploit details are publicly available at this time.
Affected Systems and Versions
- Sophos AP6 Series Wireless Access Points
- All models, including AP6 420, AP6 420E, AP6 420X, AP6 840, AP6 840E
- Firmware versions older than 1.7.2563 (MR-7) are vulnerable
- Devices managed via Sophos Central or local web interface are affected
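To triage a fleet against the version threshold above, the following added example (not Sophos code and not from the original advisory) classifies access points from an inventory export. The CSV column names and all sample rows are constructed assumptions; adapt them to whatever your management console actually exports.

```python
import csv
import io
import re

# First fixed firmware as stated on this page: 1.7.2563 (MR-7)
FIXED = (1, 7, 2563)

# Constructed sample inventory; columns and rows are assumptions, not a Sophos export format.
SAMPLE_INVENTORY = """\
name,model,firmware
lobby-ap,AP6 420,1.7.2563
warehouse-ap,AP6 840E,1.7.999
office-ap,AP6 420X,1.6.3100 (MR-6)
lab-ap,AP6 840,
other-ap,Other-Vendor AP,3.2.1
"""

def parse_version(text):
    """Return (major, minor, build) as ints, or None if the field is unusable."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text or "")
    return tuple(int(p) for p in m.groups()) if m else None

def classify(row):
    """Classify one row as 'out-of-scope', 'unknown', 'vulnerable' or 'patched'."""
    if not row["model"].strip().upper().startswith("AP6"):
        return "out-of-scope"
    version = parse_version(row["firmware"])
    if version is None:
        return "unknown"  # needs manual verification; do not assume it is safe
    # Compare numerically: as strings, "1.7.999" would sort after "1.7.2563".
    return "vulnerable" if version < FIXED else "patched"

def audit(inventory_csv):
    """Map device name -> classification for every row of the CSV text."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["name"]: classify(row) for row in reader}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name:14} {status}")
```

Devices reported as `unknown` have no parseable firmware field and should be checked by hand rather than counted as patched.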
Vendor Security History
Sophos has previously addressed critical vulnerabilities in their network products. Notably, CVE-2022-1040 affected Sophos Firewall with a similar authentication bypass flaw. The vendor typically issues patches and advisories quickly, but recurring issues with authentication bypass highlight ongoing challenges in secure development for their network infrastructure products.
