CVE-2025-11192 HIGH

CVE-2025-11192: Fabric Engine (VOSS) AutoSense Authentication Bypass

Vendor Extreme Networks
Product Fabric Engine (VOSS)
Weakness CWE-287 · Improper authentication
Published October 7, 2025
Last update October 8, 2025

CVSS base score

8.4/10
Attack vector Physical
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N

What the vulnerability does

01Description

A vulnerability in Extreme Networks’ Fabric Engine (VOSS) before 9.3 was discovered. When SD-WAN AutoSense is enabled on a port, it may automatically configure fabric connectivity without validating ISIS authentication settings. The SD-WAN AutoSense implementation may be exploited by malicious actors by allowing unauthorized access to network fabric and configuration data.

Key dates

02Disclosure timeline

October 7, 2025 CVE published
October 8, 2025 Record updated