CVE-2025-52688 | Successful exploitation of the vulnerability could allow an … | CVSS 9.8 CRITICAL

Description

Successful exploitation of the vulnerability could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity, availability, and full control of the access point.

Metadata

CVE ID: CVE-2025-52688
State: PUBLISHED
Assigner: CSA
Reserved: 2025-06-19 06:04 UTC
Published: 2025-07-16 06:23 UTC
Last updated: 2025-07-16 14:41 UTC
Primary CWE: CWE-77
CWE-77 Improper Neutralization of Special Elements used in a…
Vendor / Product: Alcatel-Lucent / OmniAccess Stellar Products
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Alcatel-Lucent	OmniAccess Stellar Products	—	AP1100 AWOS versions 5.0.2 GA and earlier, AP1200 AWOS versions 5.0.2 GA and earlier, AP1300 AWOS versions 5.0.2 GA and earlier, AP1400 AWOS versions 5.0.2 GA and earlier …

Weakness (CWE)

CWE	Source	Description
CWE-77	cna	CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (3)