Unauthorized Access Flaw in Extreme Networks' ExtremeGuest Essentials
CVE-2025-8679

7.6HIGH

Key Information:

Vendor: Extreme Networks
Status: Extremeguest Essentials
Vendor: CVE Published:; 1 October 2025

🔔 Create Extreme Networks Vulnerability Alert

What is CVE-2025-8679?

A vulnerability exists in Extreme Networks' ExtremeGuest Essentials versions prior to 25.5.0, where the captive portal may allow unauthorized access. This occurs during specific configurations of the captive portal SSID, where repeated manual login attempts can lead an unauthenticated device to be falsely recognized as authenticated, thereby gaining access to the network. Notably, Client360 logs may display the MAC address of the client as the username, despite the absence of MAC-authentication practices. This significant flaw highlights the importance of securing guest network access to prevent unauthorized entry.

Affected Version(s)

ExtremeGuest Essentials 25.4.0

References

https://extreme-networks.my.site.com/ExtrArticleDetail?an...

CVSS V4

Score:

7.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 1, 2025
Vulnerability Reserved
Aug 6, 2025

JSON