CVE-2025-24912Premature Release of Resource During Expected Lifetime in Hostapd

CWE-826Premature Release of Resource During Expected Lifetime6 documents6 sources
Severity
3.7LOWNVD
EPSS
0.2%
top 57.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
W1.fi HostapdJouni Malinen Hostapd
Timeline
PublishedMar 12

Description

hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates wi-fi devices with RADIUS authentication, an attacker in the position between the hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages2 packages

NVDw1.fi/hostapd2.11
CVEListV5jouni_malinen/hostapd2.11 and earlier

Patches

Patch: w1.fiPatch: w1.fi

🔴Vulnerability Details

3
GHSA
GHSA-97x4-g54c-4pvm: hostapd fails to process crafted RADIUS packets properly2025-03-12
CVEList
CVE-2025-24912: hostapd fails to process crafted RADIUS packets properly2025-03-12
OSV
CVE-2025-24912: hostapd fails to process crafted RADIUS packets properly2025-03-12

📋Vendor Advisories

2
Red Hat
hostapd: RADIUS Packet Processing Flaw in hostapd2025-03-12
Debian
CVE-2025-24912: wpa - hostapd fails to process crafted RADIUS packets properly. When hostapd authentic...2025
CVE-2025-24912 — W1.fi Hostapd vulnerability | cvebase