Unauthorized Access Vulnerability in Extreme Networks' Fabric Engine
CVE-2025-11192

8.4HIGH

Key Information:

Vendor: Extreme Networks
Status: Fabric Engine (voss)
Vendor: CVE Published:; 7 October 2025

🔔 Create Extreme Networks Vulnerability Alert

What is CVE-2025-11192?

A security flaw was found in Extreme Networks' Fabric Engine (VOSS) prior to version 9.3, specifically impacting the SD-WAN AutoSense feature. This vulnerability arises when the SD-WAN AutoSense function is activated on a port, potentially leading to automatic configuration of fabric connectivity without proper validation of ISIS authentication settings. Malicious actors may exploit this flaw to gain unauthorized access to network fabrics and sensitive configuration data, raising significant security concerns for affected organizations.

Affected Version(s)

Fabric Engine (VOSS) 9.2

References

https://extreme-networks.my.site.com/ExtrArticleDetail?an...

CVSS V4

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 7, 2025
Vulnerability Reserved
Sep 30, 2025

JSON