CVE-2025-27084

Name of the Vulnerable Software and Affected Versions: AOS-10 GW versions prior to 10.7.1.0 AOS-8 Controller/Mobility Conductor versions prior to 8.10.0.15 and 8.12.0.3

Description: A vulnerability in the Captive Portal could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface.

Recommendations: For AOS-10 GW versions prior to 10.7.1.0, update to version 10.7.1.0 or later to resolve the issue. For AOS-8 Controller/Mobility Conductor versions prior to 8.10.0.15, update to version 8.10.0.15 or later to resolve the issue. For AOS-8 Controller/Mobility Conductor versions prior to 8.12.0.3, update to version 8.12.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Captive Portal to minimize the risk of exploitation.