Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-63292

EPSS 0.01% · P1
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-63292

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Freebox v5 HD (firmware = 1.7.20), Freebox v5 Crystal (firmware = 1.7.20), Freebox v6 Révolution r1–r3 (firmware = 4.7.x), Freebox Mini 4K (firmware = 4.7.x), and Freebox One (firmware = 4.7.x) were discovered to expose subscribers' IMSI identifiers in plaintext during the initial phase of EAP-SIM authentication over the `FreeWifi_secure` network. During the EAP-Response/Identity exchange, the subscriber's full Network Access Identifier (NAI), which embeds the raw IMSI, is transmitted without encryption, tunneling, or pseudonymization. An attacker located within Wi-Fi range (~100 meters) can passively capture these frames without requiring user interaction or elevated privileges. The disclosed IMSI enables device tracking, subscriber correlation, and long-term monitoring of user presence near any broadcasting Freebox device. The vendor acknowledged the vulnerability, and the `FreeWifi_secure` service is planned for full deactivation by 1 October 2025.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Freebox多款产品 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Freebox v5等都是法国Free公司的一个电视盒子。 Freebox多款产品存在安全漏洞,该漏洞源于IMSI标识符明文传输,可能导致设备跟踪和用户监控。以下产品及版本受到影响:Freebox v5 HD 1.7.20版本、Freebox v5 Crystal 1.7.20版本、Freebox v6 Révolution r1至r3 4.7.x版本、Freebox Mini 4K 4.7.x版本和Freebox One 4.7.x版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2025-63292

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-63292

登录查看更多情报信息。

Same Patch Batch · n/a · 2025-11-17 · 28 CVEs total

CVE-2024-44644PHPGurukul Small CRM 安全漏洞
CVE-2025-64046OpenRapid RapidCMS 安全漏洞
CVE-2025-63748SourceForge QaTraq 安全漏洞
CVE-2025-63916MyScreenTools 安全漏洞
CVE-2025-63747SourceForge QaTraq 安全漏洞
CVE-2025-63918PDFPatcher 安全漏洞
CVE-2025-63917PDFPatcher 安全漏洞
CVE-2025-63708SourceCodester AI Font Matcher 安全漏洞
CVE-2024-46335PHPGurukul Complaint Management System 安全漏洞
CVE-2024-46336Kashipara Responsive School Management System 安全漏洞
CVE-2024-46334Kashipara Responsive School Management System 安全漏洞
CVE-2024-44658PHPGurukul Complaint Management System 安全漏洞
CVE-2024-44647PHPGurukul Small CRM 安全漏洞
CVE-2024-44663PHPGurukul Online Shopping Portal 安全漏洞
CVE-2024-44662PHPGurukul Online Shopping Portal 安全漏洞
CVE-2024-44664PHPGurukul Online Shopping Portal 安全漏洞
CVE-2024-44657PHPGurukul Complaint Management System 安全漏洞
CVE-2024-44660PHPGurukul Online Shopping Portal 安全漏洞
CVE-2024-44641PHPGurukul Small CRM 安全漏洞
CVE-2024-44651Kashipara Online Furniture Shopping Ecommerce Website 安全漏洞

Showing top 20 of 28 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2025-63292

No comments yet

Leave a comment