{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-63292", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-11-18T16:23:31.441Z", "dateReserved": "2025-10-27T00:00:00.000Z", "datePublished": "2025-11-17T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-11-17T19:25:11.159Z"}, "descriptions": [{"lang": "en", "value": "Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 R\u00e9volution r1\u2013r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), and Freebox One (firmware = 4.7.x) were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM authentication over the `FreeWifi_secure` network. During the EAP-Response/Identity exchange, the subscriber's full Network Access Identifier (NAI), which embeds the raw IMSI, is transmitted without encryption, tunneling, or pseudonymization. An attacker located within Wi-Fi range (~100 meters) can passively capture these frames without requiring user interaction or elevated privileges. The disclosed IMSI enables device tracking, subscriber correlation, and long-term monitoring of user presence near any broadcasting Freebox device. The vendor acknowledged the vulnerability, and the `FreeWifi_secure` service is planned for full deactivation by 1 October 2025."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gist.github.com/7h30th3r0n3/1a0fadb19f1528e3d3f6bad9f680c3b0#file-cve-2025-63292-frebox-imsi-md"}, {"url": "https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-319", "lang": "en", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-11-18T16:20:03.404927Z", "id": "CVE-2025-63292", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T16:23:31.441Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-63292", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-11-18T16:20:03.404927Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-319", "description": "CWE-319 Cleartext Transmission of Sensitive Information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-11-18T16:20:47.796Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gist.github.com/7h30th3r0n3/1a0fadb19f1528e3d3f6bad9f680c3b0#file-cve-2025-63292-frebox-imsi-md"}, {"url": "https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/"}], "descriptions": [{"lang": "en", "value": "Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 R\u00e9volution r1\u2013r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), and Freebox One (firmware = 4.7.x) were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM authentication over the `FreeWifi_secure` network. During the EAP-Response/Identity exchange, the subscriber's full Network Access Identifier (NAI), which embeds the raw IMSI, is transmitted without encryption, tunneling, or pseudonymization. An attacker located within Wi-Fi range (~100 meters) can passively capture these frames without requiring user interaction or elevated privileges. The disclosed IMSI enables device tracking, subscriber correlation, and long-term monitoring of user presence near any broadcasting Freebox device. The vendor acknowledged the vulnerability, and the `FreeWifi_secure` service is planned for full deactivation by 1 October 2025."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2025-11-17T19:25:11.159Z"}}}, "cveMetadata": {"cveId": "CVE-2025-63292", "state": "PUBLISHED", "dateUpdated": "2025-11-18T16:23:31.441Z", "dateReserved": "2025-10-27T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2025-11-17T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebox:v5_hd_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "54ED083F-0871-4476-80F4-1BEE4A5CB578", "versionEndIncluding": "1.7.20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:freebox:v5_hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "516D3417-8A99-4656-977C-FD5176A4D5C9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebox:v5_crystal_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0A5FBD32-7294-4ECB-B935-4A2435678C31", "versionEndIncluding": "1.7.20", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:freebox:v5_crystal:-:*:*:*:*:*:*:*", "matchCriteriaId": "758C1FD9-EC5B-46A7-B5CA-1B866F585BF3", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebox:v6_revolution_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B03BBFF8-85B1-4292-84FA-B807D89DD104", "versionEndIncluding": "4.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:freebox:v6_revolution:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D3D5E82-4E3A-4CC4-AA8E-A7098108C828", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebox:mini_4k_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DD0530C-C5F0-4790-92E2-2F79FDD44B90", "versionEndIncluding": "4.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:freebox:mini_4k:-:*:*:*:*:*:*:*", "matchCriteriaId": "1BE098EA-039B-4128-93A3-F6D5F8A9E2F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:freebox:one_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "EE242584-50C0-447D-9BF5-EAB5058DFDA7", "versionEndIncluding": "4.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:freebox:one:-:*:*:*:*:*:*:*", "matchCriteriaId": "F76B23FD-A78C-4C9F-9712-8F1F3F8D63F4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 R\u00e9volution r1\u2013r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), and Freebox One (firmware = 4.7.x) were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM authentication over the `FreeWifi_secure` network. During the EAP-Response/Identity exchange, the subscriber's full Network Access Identifier (NAI), which embeds the raw IMSI, is transmitted without encryption, tunneling, or pseudonymization. An attacker located within Wi-Fi range (~100 meters) can passively capture these frames without requiring user interaction or elevated privileges. The disclosed IMSI enables device tracking, subscriber correlation, and long-term monitoring of user presence near any broadcasting Freebox device. The vendor acknowledged the vulnerability, and the `FreeWifi_secure` service is planned for full deactivation by 1 October 2025."}], "id": "CVE-2025-63292", "lastModified": "2026-02-04T20:50:13.497", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-11-17T19:16:20.037", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/7h30th3r0n3/1a0fadb19f1528e3d3f6bad9f680c3b0#file-cve-2025-63292-frebox-imsi-md"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-319"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2025-11-18T09:06:02.338048+00:00", "updated": "2025-11-18T09:06:02.338086+00:00", "vendors": ["free", "free$PRODUCT$freebox_hd", "free$PRODUCT$freebox_mini", "free$PRODUCT$freebox_one", "free$PRODUCT$freebox_os", "free$PRODUCT$freebox_revolution", "free$PRODUCT$freebox_v5"]}