Sophos AP6 Authentication Bypass Vulnerability Enables Remote Device Compromise

EXECUTIVE SUMMARY:

A critical authentication bypass vulnerability has been discovered in Sophos AP6 Series Wireless Access Points, tracked as CVE-2025-10159. This flaw allows unauthenticated remote attackers to gain access to the management interface, potentially leading to full device takeover and network compromise.[emaillocker id="1283"]

• CVE-2025-10159: The vulnerability stems from improper authentication handling in the AP6 management service. By exploiting this flaw, attackers can bypass login protections and interact directly with administrative functions of the device. Successful exploitation enables attackers to alter configurations, disrupt wireless connectivity, or pivot into the internal network environment. With a CVSS v3.1 score of 9.8 (critical), this vulnerability poses a significant risk to enterprise and service provider networks relying on Sophos AP6 devices for secure wireless access.

This exposure is especially dangerous in environments where APs are deployed at scale, as a single compromise can cascade across multiple connected devices and users.

RECOMMENDATION:

• We strongly recommend you update Sophos AP6 Series Wireless Access Points to firmware version 1.7.2563 (MR7) or later.

REFERENCES:

The following reports contain further technical details:

• https://securityonline.info/sophos-fixes-critical-authentication-bypass-cve-2025-10159-in-ap6-series-wireless-access-points/