CVE-2025-11192

CVSS v3.1

8.6

High

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Extreme Networks Fabric Engine (VOSS) versions prior to 9.3

Description A flaw exists in Extreme Networks’ Fabric Engine (VOSS) where, when SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. This could allow unauthorized access to network fabric and configuration data by malicious actors. The SD-WAN AutoSense implementation is the affected component.

Recommendations Update to version 9.3 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2025-11192

Affected Products

Fabric Engine

CVE-2025-11192

Weakness Enumeration

Related Identifiers

Affected Products

References · 4