Name: CVE-2025-24912
Source: NVD (link), Debian (link)
Description: hostapd fails to process crafted RADIUS packets properly. When hostapd authenticates Wi-Fi devices with RADIUS authentication, an attacker positioned between hostapd and the RADIUS server may inject crafted RADIUS packets and force RADIUS authentications to fail.
Published Date:
Updated Date:
Workaround: -

Analysis

| Affected Component | Analysis |
| --- | --- |
| hostapd | Patched |

Vulnerability Ratings


3.7
other
NaN
other

Other affected components

| Name | Project | Project Version | Version | Status |
| --- | --- | --- | --- | --- |
| | buildroot | master | 2.11 | Patched |
| | openwrt | master | 2026.04.02~b004de0bf1b54d669d358b7f33d6f474bd9719a6-r1 | Not Affected |
| | openwrt | master | 2020.06.08~5a8b366233f5585e68a4ffbb604fbb4a848eb325-r10 | Not Affected |
| | openwrt | openwrt-25.12 | 2025.08.26~ca266cc24d8705eb1a2a0857ad326e48b1408b20-r1 | Not Affected |
| | openwrt | openwrt-25.12 | 2020.06.08~5a8b366233f5585e68a4ffbb604fbb4a848eb325-r10 | Not Affected |
| | yocto | kirkstone | 2.10 | Patched |
| | yocto | master | 2.11 | Patched |
| | yocto | scarthgap | 2.10 | Patched |

Resolved with patches


hostapd (buildroot:2025.02.x)

| # | Title | Author | Resolve |
| --- | --- | --- | --- |
| 1 | RADIUS: Drop pending request only when accepting the response | Jouni Malinen <j@w1.fi> | CVE-2025-24912 |
| 2 | RADIUS: Fix pending request dropping | Jouni Malinen <quic_jouni@quicinc.com> | CVE-2025-24912 |

hostapd (buildroot:master)

| # | Title | Author | Resolve |
| --- | --- | --- | --- |
| 1 | RADIUS: Drop pending request only when accepting the response | Jouni Malinen <j@w1.fi> | CVE-2025-24912 |
| 2 | RADIUS: Fix pending request dropping | Jouni Malinen <quic_jouni@quicinc.com> | CVE-2025-24912 |

hostapd (yocto:kirkstone)

| # | Title | Author | Resolve |
| --- | --- | --- | --- |
| 1 | RADIUS: Drop pending request only when accepting the response | Jouni Malinen <j@w1.fi> | CVE-2025-24912 |
| 2 | RADIUS: Fix pending request dropping | Jouni Malinen <quic_jouni@quicinc.com> | CVE-2025-24912 |

hostapd (yocto:master)

| # | Title | Author | Resolve |
| --- | --- | --- | --- |
| 1 | RADIUS: Drop pending request only when accepting the response | Jouni Malinen <j@w1.fi> | CVE-2025-24912 |
| 2 | RADIUS: Fix pending request dropping | Jouni Malinen <quic_jouni@quicinc.com> | CVE-2025-24912 |

hostapd (yocto:scarthgap)

| # | Title | Author | Resolve |
| --- | --- | --- | --- |
| 1 | RADIUS: Drop pending request only when accepting the response | Jouni Malinen <j@w1.fi> | CVE-2025-24912 |
| 2 | RADIUS: Fix pending request dropping | Jouni Malinen <quic_jouni@quicinc.com> | CVE-2025-24912 |