CVE-2025-27084

Summary

CVE-2025-27084 is a newly identified vulnerability affecting the Captive Portal of AOS-10 GW and AOS-8 Controller/Mobility Conductor. This issue enables a remote attacker to execute reflected cross-site scripting (XSS) attacks. Successfully exploiting this vulnerability allows the attacker to inject and run arbitrary script code in the victim's browser, potentially gaining unauthorized access to sensitive information or taking control of the affected interface. This poses a serious security risk to network administrators and users alike. To mitigate this threat, it is recommended to apply the necessary patches or upgrades provided by the vendor as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.