216.73.217.23

CVE-2025-27558

· Published 21/05/2025 19:16 · Modified 22/05/2025 19:15

Labels: CVE-2025-27558 2025-05-21CVE-2025-27558CWE-345[email protected]

Essential information

Published
21/05/2025 19:16
Modified
22/05/2025 19:15
Author
Creator
CVSS
9.1 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS metrics

Description

IEEE P802.11-REVme D1.1 through D7.0 allows FragAttacks against mesh networks. In mesh networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP), an adversary can exploit this vulnerability to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. NOTE: this issue exists because of an incorrect fix for CVE-2020-24588. P802.11-REVme, as of early 2025, is a planned release of the 802.11 standard.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
ieee / ieee p802.11 cpe:2.3:a:ieee:ieee_p802.11:<*:*:*:*:*:*:*:*
wpa / wi-fi protected access cpe:2.3:a:wpa:wi-fi_protected_access:*:*:*:*:*:*:*:*
wpa2 / wi-fi protected access cpe:2.3:a:wpa2:wi-fi_protected_access:*:*:*:*:*:*:*:*
wpa3 / wi-fi protected access cpe:2.3:a:wpa3:wi-fi_protected_access:*:*:*:*:*:*:*:*
wep / wired equivalent privacy cpe:2.3:a:wep:wired_equivalent_privacy:*:*:*:*:*:*:*:*

References