PT-2025-47193 · Unknown · Freebox Mini 4K+4

Published 2025-11-17 · Updated 2026-02-04 · CVE-2025-63292

CVSS v3.1: 3.5 Low

Vector: AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Freebox v5 HD version 1.7.20
Freebox v5 Crystal version 1.7.20
Freebox v6 Révolution r1–r3 versions 4.7.x
Freebox Mini 4K versions 4.7.x
Freebox One versions 4.7.x

Description

Freebox devices expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM authentication over the FreeWifi secure network. Specifically, during the EAP-Response/Identity exchange, the subscriber's full Network Access Identifier (NAI), which contains the raw IMSI, is transmitted without encryption, tunneling, or pseudonymization. An attacker within Wi-Fi range (approximately 100 meters) can passively capture these frames without needing user interaction or elevated privileges. The disclosed IMSI allows for device tracking, subscriber correlation, and long-term monitoring of user presence near broadcasting Freebox devices.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
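
The identity field named in the Description can be audited on a capture of your own device's authentication. The following is an added example, not code from the advisory or the vendor: it parses an EAP-Response/Identity packet and reports whether the NAI is a permanent (IMSI-bearing) identity or a temporary one, with a redacted form for logging. Assumptions: the leading-digit convention is taken from RFC 4186 and 3GPP TS 23.003 rather than from this page, the function names are hypothetical, and the sample NAIs are constructed using the test PLMN 001/01.

```python
import re
import struct

EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1

# Leading digit of the NAI username (assumed convention, RFC 4186 / 3GPP TS 23.003).
# Permanent identities are the digit followed by the raw IMSI.
PERMANENT = {"0": "EAP-AKA", "1": "EAP-SIM", "6": "EAP-AKA'"}
TEMPORARY = {"2": "pseudonym", "3": "pseudonym", "7": "pseudonym",
             "4": "fast-reauth", "5": "fast-reauth", "8": "fast-reauth"}
IMSI_RE = re.compile(r"\d{6,15}")  # an IMSI is at most 15 decimal digits


def build_response_identity(ident: int, nai: str) -> bytes:
    """Build a constructed EAP-Response/Identity packet for the samples below."""
    body = nai.encode()
    return struct.pack("!BBHB", EAP_RESPONSE, ident, 5 + len(body), EAP_TYPE_IDENTITY) + body


def parse_identity(eap: bytes):
    """Return the identity string of an EAP-Response/Identity packet, else None."""
    if len(eap) < 5:
        return None
    code, _ident, length, eap_type = struct.unpack("!BBHB", eap[:5])
    if code != EAP_RESPONSE or eap_type != EAP_TYPE_IDENTITY or not 5 <= length <= len(eap):
        return None
    return eap[5:length].decode("utf-8", errors="replace")


def classify(nai: str) -> dict:
    """Decide whether the NAI carries a raw IMSI; never echo the full IMSI back."""
    user, _, realm = nai.partition("@")
    lead, rest = user[:1], user[1:]
    if lead in PERMANENT and IMSI_RE.fullmatch(rest):
        masked = rest[:5] + "*" * (len(rest) - 5)  # keep only the MCC/MNC prefix
        return {"exposed": True, "kind": "permanent " + PERMANENT[lead],
                "log_as": f"{lead}{masked}@{realm}"}
    kind = TEMPORARY.get(lead, "unknown")
    return {"exposed": False, "kind": kind, "log_as": f"<{kind}>@{realm}"}


def audit(eap: bytes):
    """Classify one EAP packet; None when it is not a Response/Identity."""
    nai = parse_identity(eap)
    return None if nai is None else classify(nai)


REALM = "wlan.mnc001.mcc001.3gppnetwork.org"  # constructed, test PLMN 001/01
SAMPLES = [build_response_identity(1, "1001010123456789@" + REALM),   # raw IMSI
           build_response_identity(2, "3kZ8vQ1xTt0aPm4r@" + REALM)]   # pseudonym
```

A result with `exposed` set to `True` means the identity response matched the cleartext permanent-identity form the Description reports.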

Exploit

Cleartext Transmission of Sensitive Information

Weakness Enumeration

Related Identifiers

CVE-2025-63292

Affected Products

Freebox Mini 4K
Freebox One
Freebox V5 Crystal
Freebox V5 Hd
Freebox V6 Révolution