CVE-2025-63292

{"id": "CVE-2025-63292", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2025-11-17T19:16:20.037", "references": [{"url": "https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/7h30th3r0n3/1a0fadb19f1528e3d3f6bad9f680c3b0#file-cve-2025-63292-frebox-imsi-md", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-319"}]}], "descriptions": [{"lang": "en", "value": "Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 R\u00e9volution r1\u2013r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), and Freebox One (firmware = 4.7.x) were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM authentication over the `FreeWifi_secure` network. During the EAP-Response/Identity exchange, the subscriber's full Network Access Identifier (NAI), which embeds the raw IMSI, is transmitted without encryption, tunneling, or pseudonymization. An attacker located within Wi-Fi range (~100 meters) can passively capture these frames without requiring user interaction or elevated privileges. The disclosed IMSI enables device tracking, subscriber correlation, and long-term monitoring of user presence near any broadcasting Freebox device. The vendor acknowledged the vulnerability, and the `FreeWifi_secure` service is planned for full deactivation by 1 October 2025."}], "lastModified": "2026-02-04T20:50:13.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebox:v5_hd_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54ED083F-0871-4476-80F4-1BEE4A5CB578", "versionEndIncluding": "1.7.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:freebox:v5_hd:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "516D3417-8A99-4656-977C-FD5176A4D5C9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebox:v5_crystal_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A5FBD32-7294-4ECB-B935-4A2435678C31", "versionEndIncluding": "1.7.20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:freebox:v5_crystal:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "758C1FD9-EC5B-46A7-B5CA-1B866F585BF3"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebox:v6_revolution_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B03BBFF8-85B1-4292-84FA-B807D89DD104", "versionEndIncluding": "4.7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:freebox:v6_revolution:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2D3D5E82-4E3A-4CC4-AA8E-A7098108C828"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebox:mini_4k_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DD0530C-C5F0-4790-92E2-2F79FDD44B90", "versionEndIncluding": "4.7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:freebox:mini_4k:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1BE098EA-039B-4128-93A3-F6D5F8A9E2F1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:freebox:one_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE242584-50C0-447D-9BF5-EAB5058DFDA7", "versionEndIncluding": "4.7.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:freebox:one:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F76B23FD-A78C-4C9F-9712-8F1F3F8D63F4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}