CVE-2025-24912

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

12/03/2025

Last modified:

12/03/2025

Description

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.

Impact

Vector 3.x

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS v3.1 Severity and Metrics:

Base Score: 3.70 LOW
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): Low

Base Score 3.x

3.70

Severity 3.x

LOW

References to Advisories, Solutions, and Tools

https://jvn.jp/en/jp/JVN19358384/
https://w1.fi/cgit/hostap/commit/?id=339a334551ca911187cc870f4f97ef08e11db109
https://w1.fi/cgit/hostap/commit/?id=726432d7622cc0088ac353d073b59628b590ea44
https://w1.fi/hostapd/