CVE-2025-8679

Name of the Vulnerable Software and Affected Versions ExtremeGuest Essentials versions prior to 25.5.0

Description The captive-portal feature may allow unauthorized access through manual brute-force attempts. Specific ExtremeGuest Essentials captive-portal SSID configurations could allow an unauthenticated device to be incorrectly marked as authenticated, granting network access. Client360 logs might incorrectly display the client MAC address as the username, even when MAC authentication is not enabled.

Recommendations Update to version 25.5.0 or later.