CVE-2025-27558
Linux Ubuntu vulnerability analysis and mitigation

Overview

IEEE P802.11-REVme D1.1 through D7.0 contains a vulnerability that allows FragAttacks against mesh networks. This vulnerability affects networks using Wi-Fi Protected Access (WPA, WPA2, or WPA3) or Wired Equivalent Privacy (WEP). The issue exists due to an incorrect fix for a previous vulnerability (CVE-2020-24588) and affects P802.11-REVme, which, as of early 2025, is a planned release of the 802.11 standard (NVD).

Technical details

The vulnerability specifically impacts mesh networks implementing various Wi-Fi security protocols including WPA, WPA2, WPA3, and WEP. The technical issue allows attackers to inject arbitrary frames towards devices that support receiving non-SSP A-MSDU frames. The vulnerability has been assigned a CVSS v3.1 Base Score of 9.1 CRITICAL with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (Wiz).

Impact

The vulnerability enables attackers to inject arbitrary frames into affected mesh networks, potentially compromising the security of network communications. This could lead to unauthorized access, data manipulation, or other security breaches in mesh network environments (Wiz).

This report was generated using AI.