CVE-2025-8679

Published: Oct 1, 2025

Modified: Oct 1, 2025

PUBLISHED

Description

In ExtremeGuest Essentials before 25.5.0, captive-portal may permit unauthorized access via manual brute-force procedure. Under certain ExtremeGuest Essentials captive-portal SSID configurations, repeated manual login attempts may allow an unauthenticated device to be marked as authenticated and obtain network access. Client360 logs may display the client MAC as the username despite no MAC-authentication being enabled.

Vendor	Product	Versions
Extreme Networks	ExtremeGuest Essentials	affected `25.4.0`

Weaknesses (CWE)

CWE-307

References

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000130289

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-8679

Description

Affected Products

Weaknesses (CWE)

References