{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52689", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "state": "PUBLISHED", "assignerShortName": "CSA", "dateReserved": "2025-06-19T06:04:41.987Z", "datePublished": "2025-07-16T06:30:11.161Z", "dateUpdated": "2025-07-16T14:40:58.689Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "OmniAccess Stellar Products", "vendor": "Alcatel-Lucent", "versions": [{"status": "affected", "version": "AP1100 AWOS versions 5.0.2 GA and earlier"}, {"status": "affected", "version": "AP1200 AWOS versions 5.0.2 GA and earlier"}, {"status": "affected", "version": "AP1300 AWOS versions 5.0.2 GA and earlier"}, {"status": "affected", "version": "AP1400 AWOS versions 5.0.2 GA and earlier"}, {"status": "affected", "version": "AP1500 AWOS versions 5.0.2 GA and earlier"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lam Jun Rong"}, {"lang": "en", "type": "finder", "value": "Cao Yitian"}], "datePublic": "2025-07-16T06:26:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."}], "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-384", "description": "CWE-384 Session Fixation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2025-07-16T06:30:11.161Z"}, "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"}, {"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"}, {"url": "https://blog.uhg.sg/article/24.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n<br>"}], "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."}], "source": {"discovery": "UNKNOWN"}, "title": "Weak Session ID Check in the OmniAccess Stellar Web Management Interface", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://github.com/UltimateHG/CVE-2025-52689-PoC", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-16T14:35:50.269269Z", "id": "CVE-2025-52689", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-16T14:40:58.689Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52689", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "state": "PUBLISHED", "assignerShortName": "CSA", "dateReserved": "2025-06-19T06:04:41.987Z", "datePublished": "2025-07-16T06:30:11.161Z", "dateUpdated": "2025-07-16T14:40:58.689Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "OmniAccess Stellar Products", "vendor": "Alcatel-Lucent", "versions": [{"status": "affected", "version": "AP1100 AWOS versions 5.0.2 GA and earlier"}, {"status": "affected", "version": "AP1200 AWOS versions 5.0.2 GA and earlier"}, {"status": "affected", "version": "AP1300 AWOS versions 5.0.2 GA and earlier"}, {"status": "affected", "version": "AP1400 AWOS versions 5.0.2 GA and earlier"}, {"status": "affected", "version": "AP1500 AWOS versions 5.0.2 GA and earlier"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Lam Jun Rong"}, {"lang": "en", "type": "finder", "value": "Cao Yitian"}], "datePublic": "2025-07-16T06:26:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."}], "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-384", "description": "CWE-384 Session Fixation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2025-07-16T06:30:11.161Z"}, "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"}, {"url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"}, {"url": "https://blog.uhg.sg/article/24.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.\n\n<br>"}], "value": "Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version."}], "source": {"discovery": "UNKNOWN"}, "title": "Weak Session ID Check in the OmniAccess Stellar Web Management Interface", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52689", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-16T14:35:50.269269Z"}}}], "references": [{"url": "https://github.com/UltimateHG/CVE-2025-52689-PoC", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-16T14:36:21.423Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point."}, {"lang": "es", "value": "La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir que un atacante no autenticado obtenga una ID de sesi\u00f3n v\u00e1lida con privilegios de administrador falsificando la solicitud de inicio de sesi\u00f3n, lo que potencialmente permitir\u00eda al atacante modificar el comportamiento del punto de acceso."}], "id": "CVE-2025-52689", "lastModified": "2025-07-16T15:15:32.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "type": "Secondary"}]}, "published": "2025-07-16T07:15:23.190", "references": [{"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "url": "https://blog.uhg.sg/article/24.html"}, {"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "url": "https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf"}, {"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/UltimateHG/CVE-2025-52689-PoC"}], "sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-384"}], "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "type": "Secondary"}]}

{}