InfoSecBulletin Cybersecurity for mankind
Sophos fixed an authentication bypass vulnerability in its AP6 Series Wireless Access Points, preventing attackers from obtaining admin privileges. The company found the issue during internal security tests and has issued a firmware update to fix it.
An attacker with network access to the access point’s management IP can bypass authentication. This exploit provides them with administrator privileges on the device.
Microsft warns of active directory and office vulnarabilty
(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points
1.6M fitness phone call recordings exposed online
Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days
Elastic Security Incident : Hackers Accessed Email Account Contains Valid Credentials
Hacker Exploit Amazon SES to Send 50K Phishing Emails
SafePay Ransomware
SafePay Ransomware Attacks 73 Orgs in a Single Month
Bangladesh Cyber Threat Landscape- 2024
602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024
AI-powered malware hit 2,180 GitHub accounts in “s1ngularity” attack
ISC2 Aims to Bridge DFIR Skill Gap with New Certificate
This elevated access can help control the access point, intercept or change network traffic, disrupt wireless connections, or use the compromised device to launch further attacks.
Sophos reported that the vulnerability was found by its own team, highlighting a proactive approach to product security. The nature of the flaw, requiring access to the management interface, suggests that the primary risk is from attackers already on the local network.
Sophos Wireless Access Points Vulnerability:
Sophos AP6 Series Wireless Access Points with firmware versions before 1.7.2563 (MR7) have a vulnerability. A fix is available in firmware version 1.7.2563 (MR7), released after August 11, 2025.
Administrators should check that their access points are using this version or a newer one for protection. Organizations using old firmware are at risk and need to upgrade for security fixes to protect their networks.
Most customers have an automatic remediation process. Sophos AP6 devices are set up to install updates automatically, so patched firmware is applied without any manual effort.
This policy helps most users stay protected automatically. However, those who chose not to receive updates need to update manually. Users must upgrade their AP6 Series firmware to version 1.7.2563 (MR7) or newer to apply the patch.
While Sophos has indicated that no exploitation has been observed in the wild, the high CVSS score of 9.8 reflects the seriousness of the vulnerability and the potential damage if left unpatched.
