What is CVE-2025-24912?

CVE-2025-24912 is a low-severity vulnerability in Jouni Malinen Hostapd, classified under CWE-826. CVSS score: 3.7/10. Published 2025-03-12.

How severe is CVE-2025-24912?

Low severity. CVSS v3 base score is 3.7 out of 10.

Vulnerability in Jouni Malinen Hostapd

CVE-2025-24912

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and forc…

EPSS: 0.000 (10.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.7 (Low). Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L.

Affected products

Jouni Malinen Hostapd — versions 2.11 and earlier

Weakness classification (CWE)

CWE-826

References

w1.fi/hostapd/
w1.fi/cgit/hostap/commit/
w1.fi/cgit/hostap/commit/
jvn.jp/en/jp/JVN19358384/

Frequently asked questions

What is CVE-2025-24912?: CVE-2025-24912 is a low-severity vulnerability in Jouni Malinen Hostapd, classified under CWE-826. CVSS score: 3.7/10. Published 2025-03-12.
How severe is CVE-2025-24912?: Low severity. CVSS v3 base score is 3.7 out of 10.