Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-52689
PUBLISHED
More InfoOfficial Page
Assigner-CSA
Assigner Org ID-5f57b9bf-260d-4433-bf07-b6a79e9bb7d4
View Known Exploited Vulnerability (KEV) details
Published At-16 Jul, 2025 | 06:30
Updated At-16 Jul, 2025 | 14:40
Rejected At-
▼CVE Numbering Authority (CNA)
Weak Session ID Check in the OmniAccess Stellar Web Management Interface

Successful exploitation of the vulnerability could allow an unauthenticated attacker to obtain a valid session ID with administrator privileges by spoofing the login request, potentially allowing the attacker to modify the behaviour of the access point.

Affected Products
Vendor
Alcatel-Lucent Enterprise (ALE International)Alcatel-Lucent
Product
OmniAccess Stellar Products
Default Status
unknown
Versions
Affected
  • AP1100 AWOS versions 5.0.2 GA and earlier
  • AP1200 AWOS versions 5.0.2 GA and earlier
  • AP1300 AWOS versions 5.0.2 GA and earlier
  • AP1400 AWOS versions 5.0.2 GA and earlier
  • AP1500 AWOS versions 5.0.2 GA and earlier
Problem Types
TypeCWE IDDescription
CWECWE-384CWE-384 Session Fixation
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Users and administrators of affected products are advised to contact their Business Partner immediately to update to the latest version.

Configurations
Workarounds
Exploits
Credits
finder
Lam Jun Rong
finder
Cao Yitian
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-072/
N/A
https://www.al-enterprise.com/-/media/assets/internet/documents/sa-n0150-omniaccess-stellar-multiple-vulnerabilities.pdf
N/A
https://blog.uhg.sg/article/24.html
N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/UltimateHG/CVE-2025-52689-PoC
exploit
Details not found