
Extreme Networks has released security advisories addressing three critical vulnerabilities in its IQ Engine (HiveOS) product line. The vulnerabilities, discovered by Lukas Schauer of Bonn-Rhein-Sieg University of Applied Sciences, could allow attackers to gain unauthorized access, escalate privileges, and execute arbitrary commands on vulnerable systems.
The following vulnerabilities have been identified:
- CVE-2025-27229: HiveOS Unsanitized SSH Tunnel Call. This vulnerability allows an authenticated attacker to escalate user-level access to root shell access through an unsanitized SSH tunnel call.
- CVE-2025-27228: HiveOS User Level Password Decryption. This vulnerability allows an authenticated attacker to decrypt user-level passwords via CLI functionality.
- CVE-2025-27227: HiveOS Client SSID Newline Injection. This vulnerability allows an authenticated attacker to execute arbitrary commands through newline injection in the Client-SSID setting command.
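The third item describes a classic input-handling flaw: a value that is later embedded in a single-line command is accepted with an embedded newline. The following is an added illustration, not HiveOS code and not from the advisory, of the defensive check a CLI or management plane should apply to an SSID value before it is ever used. It contrasts a naive fix (strip only `\n`) with a validator that rejects every control and line-separator character and enforces the 32-octet limit that IEEE 802.11 places on SSIDs. The `client-ssid set ...` command string is a hypothetical placeholder, not the real HiveOS syntax.

```python
import unicodedata

# IEEE 802.11 limits an SSID to 32 octets.
MAX_SSID_OCTETS = 32


def naive_sanitize(ssid: str) -> str:
    """The weak approach: removing only '\\n'. A carriage return, NUL or
    escape byte still reaches the command line unchanged."""
    return ssid.replace("\n", "")


def validate_ssid(ssid: str) -> list[str]:
    """Return the reasons an SSID must be rejected; an empty list means accept.

    Hypothetical validator (not HiveOS code): rejects anything that could
    break a single-line command, not just the newline the advisory names.
    """
    problems: list[str] = []
    if not ssid:
        problems.append("empty SSID")
    if len(ssid.encode("utf-8")) > MAX_SSID_OCTETS:
        problems.append(f"exceeds {MAX_SSID_OCTETS} octets")
    for ch in ssid:
        # Cc covers \n, \r, \x00, \x1b and friends; Zl/Zp are Unicode
        # line and paragraph separators that some terminals also honour.
        if unicodedata.category(ch) in ("Cc", "Zl", "Zp"):
            problems.append(f"control character U+{ord(ch):04X}")
            break
    return problems


def render_set_ssid_command(ssid: str) -> str:
    """Build the (hypothetical) single-line command only after validation.

    Raising here, rather than quietly stripping bytes, keeps a bad value
    from ever reaching the command interpreter.
    """
    problems = validate_ssid(ssid)
    if problems:
        raise ValueError("rejected SSID: " + "; ".join(problems))
    return f"client-ssid set {ssid}"


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["Corp-WiFi", "Guest\nreboot", "Guest\rreboot", "x" * 33]:
        print(repr(candidate), "->", validate_ssid(candidate) or "ok")
```

Note that `naive_sanitize("Guest\rreboot")` still contains the carriage return; `validate_ssid` refuses it, which is the point of rejecting by character class rather than by a list of known-bad bytes.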
These vulnerabilities affect all versions of HiveOS prior to 10.7r5. Successful exploitation could lead to complete compromise of the affected systems, allowing attackers to steal sensitive data, disrupt services, and install additional malware.
Extreme Networks strongly recommends that users upgrade their HiveOS systems to version 10.7r5 or later immediately to mitigate these vulnerabilities. The company also advises users to follow security best practices, such as enforcing strong passwords and limiting access to sensitive systems.
Organizations running HiveOS are urged to take immediate action to address these vulnerabilities and prevent potential compromise.
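Because the fixed version is stated as 10.7r5 and every earlier release is affected, the first thing an operator wants is a quick way to flag which devices in an inventory still need the upgrade. The following is an added example (not from the advisory or from Extreme Networks) that parses HiveOS-style version strings of the form `major.minor r release` and compares them numerically; the inventory entries are constructed, and the assumption that every version string follows that exact pattern is one a real deployment should check against its own export.

```python
import re

# Fixed release named in the advisory; everything below it is affected.
FIXED_VERSION = "10.7r5"

# Assumed format: "<major>.<minor>r<release>", e.g. "10.7r5".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)r(\d+)$")


def parse_hiveos_version(text: str) -> tuple[int, int, int]:
    """Turn '10.7r5' into (10, 7, 5) so releases compare numerically.

    A plain string comparison would rank '10.7r10' below '10.7r5'.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised HiveOS version string: {text!r}")
    major, minor, release = (int(g) for g in match.groups())
    return (major, minor, release)


def is_affected(version: str) -> bool:
    """True when the device runs a release prior to the fixed version."""
    return parse_hiveos_version(version) < parse_hiveos_version(FIXED_VERSION)


# Constructed sample inventory: (device name, reported HiveOS version).
INVENTORY = [
    ("ap-lobby-01", "10.6r4"),
    ("ap-lab-02", "10.7r5"),
    ("ap-ops-03", "10.7r10"),
    ("ap-old-04", "10.7r4"),
]


def triage(inventory: list[tuple[str, str]]) -> list[str]:
    """Return the names of devices that still need the 10.7r5 upgrade."""
    return sorted(name for name, version in inventory if is_affected(version))


if __name__ == "__main__":
    for name in triage(INVENTORY):
        print(f"{name}: upgrade to {FIXED_VERSION} or later")
```

The `ap-ops-03` entry on 10.7r10 is the reason for parsing rather than comparing strings: it is newer than the fix, yet `"10.7r10" < "10.7r5"` is true in Python's string ordering.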