What is the Sophos CVE-2025-10159 vulnerability?

CVE-2025-10159 is a critical security vulnerability affecting Sophos AP6 Series Wireless Access Points with a CVSS score of 9.8. This flaw could allow attackers to gain complete administrative control over affected devices.

How severe is the Sophos CVE-2025-10159 vulnerability?

CVE-2025-10159 is rated as critical with a CVSS score of 9.8, indicating maximum severity. The vulnerability could allow attackers to gain complete administrative control over affected Sophos wireless access points.

What firmware version fixes the Sophos CVE-2025-10159 vulnerability?

Sophos has patched the vulnerability in firmware version 1.7.2563 (MR7). Organizations must upgrade to this version or later to protect against CVE-2025-10159.

What access do attackers need to exploit CVE-2025-10159?

The attack requires the adversary to reach the device's management IP address. In many deployments, this is restricted to internal networks or dedicated management VLANs, but misconfigured networks with exposed management interfaces could leave devices vulnerable to both internal and external attackers.

Will Sophos devices update automatically for CVE-2025-10159?

Organizations using Sophos's default automatic update policy will receive the security patch without manual intervention. However, customers who have disabled automatic updates must manually upgrade their firmware to 1.7.2563 (MR7).

How can organizations protect against CVE-2025-10159?

Organizations should immediately upgrade affected Sophos AP6 Series devices to firmware version 1.7.2563 (MR7) or later. Additionally, ensure management interfaces are properly secured and not exposed to unauthorized networks.

Are there any technical details available about CVE-2025-10159?

Sophos has not disclosed specific technical details about the vulnerability, which is a common practice to prevent exploitation while organizations apply security patches.

Who is most at risk from the Sophos CVE-2025-10159 vulnerability?

Organizations with misconfigured networks that expose Sophos AP6 Series management interfaces to unauthorized access are most at risk. This includes both internal attackers with network access and external attackers if management interfaces are exposed to the internet.

How do I check if my Sophos access points are vulnerable to CVE-2025-10159?

Check if you have Sophos AP6 Series Wireless Access Points running firmware versions prior to 1.7.2563 (MR7). If so, your devices are vulnerable and should be updated immediately.

What can attackers do if they exploit CVE-2025-10159?

Successful exploitation of CVE-2025-10159 could allow attackers to gain complete administrative control over affected Sophos wireless access points, potentially enabling them to intercept network traffic, modify configurations, or use the devices as a foothold for further network intrusion.

Should I disable automatic updates on Sophos devices?

It is generally recommended to keep automatic updates enabled for security patches like the CVE-2025-10159 fix. Organizations that disable automatic updates must be prepared to manually apply critical security patches promptly when they are released.

Is there a workaround for CVE-2025-10159 if I cannot immediately update?

While the primary protection is updating to firmware 1.7.2563 (MR7), organizations can reduce risk by ensuring management interfaces are properly secured and not exposed to unauthorized networks, including isolating management VLANs and restricting access to trusted administrators only.

How do I manually update Sophos AP6 firmware to fix CVE-2025-10159?

Organizations with disabled automatic updates must manually upgrade their Sophos AP6 Series firmware to version 1.7.2563 (MR7) through their Sophos management interface or contact Sophos support for specific update instructions.

Advisory

Sophos patches critical authentication bypass flaw in AP6 Series wireless access points

Q: Which Sophos products are affected by CVE-2025-10159?

The vulnerability affects Sophos AP6 Series Wireless Access Points running firmware versions prior to 1.7.2563 (MR7).

published: Sept. 11, 2025

Take action: If you have Sophos AP6 Series Wireless Access Points, first make sure the management port is isolated from the internet and accessible only from trusted networks. The check that they're running firmware version 1.7.2563 (MR7) or newer. If not, manually upgrade to the latest firmware.

Learn More

Sophos has patched a critical security vulnerability affecting its AP6 Series Wireless Access Points that could allow attackers to gain complete administrative control over affected devices.

The flaw is tracked as CVE-2025-10159 (CVSS score 9.8), and allows affects Sophos AP6 Series Wireless Access Points running firmware versions prior to 1.7.2563 (MR7). Details of the flaw are not disclosed.

The attack requires the adversary to reach the device's management IP address, which in many deployments is restricted to internal networks or dedicated management VLANs. Misconfigured networks with exposed management interfaces could leave devices vulnerable to both internal and external attackers.

Organizations using Sophos's default automatic update policy will receive the security patch without manual intervention. Customers who have disabled automatic updates must manually upgrade their firmware to 1.7.2563 (MR7).

Sophos patches critical authentication bypass flaw in AP6 Series wireless access points

Read More
Critical Zero-Click Command Injection in AVideo Platform Allows …
Thousands of exploit attacks on Atlassian Confluence, week …
SAP December 2025 patch day fixes critical code …
FortiGate Firewalls Compromised Despite Recent Patches for CVE-2025-59718
Critical remote code execution flaw in Wing FTP …