CVE-2025-63292
π TL;DR
This vulnerability exposes subscribers' IMSI identifiers in plaintext during EAP-SIM authentication on Freebox devices' FreeWifi_secure network. An attacker within Wi-Fi range can passively capture these identifiers without user interaction, enabling device tracking and subscriber correlation. All users of affected Freebox devices with FreeWifi_secure enabled are impacted.
π» Affected Systems
- Freebox v5 HD
- Freebox v5 Crystal
- Freebox v6 RΓ©volution r1βr3
- Freebox Mini 4K
- Freebox One
β οΈ Risk & Real-World Impact
Worst Case
Persistent tracking of subscriber movements, correlation of multiple devices to the same subscriber, long-term surveillance of user presence near Freebox devices, potential for targeted attacks using IMSI information.
Likely Case
Passive collection of IMSI identifiers by nearby attackers, creation of movement profiles for subscribers, correlation of devices to specific subscribers over time.
If Mitigated
Limited exposure window until service deactivation, reduced tracking capability if users avoid affected networks, minimal impact if FreeWifi_secure is disabled.
π― Exploit Status
Exploitation requires only passive Wi-Fi sniffing within range (~100m). No authentication or user interaction needed. Public proof-of-concept demonstrates IMSI capture.
π οΈ Fix & Mitigation
β Official Fix
Patch Version: N/A
Vendor Advisory: https://7h30th3r0n3.fr/the-vulnerability-that-killed-freewifi_secure/
Restart Required: No
Instructions:
No firmware patch available. The vendor plans to fully deactivate FreeWifi_secure service by October 1, 2025. Users should disable FreeWifi_secure immediately.
π§ Temporary Workarounds
Disable FreeWifi_secure
allCompletely disable the FreeWifi_secure service on affected Freebox devices to prevent IMSI exposure.
Access Freebox admin interface > Network > Wi-Fi > Disable FreeWifi_secure
Use alternative authentication
allSwitch to WPA2/WPA3 personal or enterprise authentication instead of EAP-SIM on FreeWifi_secure.
Access Freebox admin interface > Network > Wi-Fi > Change authentication method
π§― If You Can't Patch
- Disable FreeWifi_secure service immediately through device administration interface
- Use alternative Wi-Fi networks and avoid connecting to FreeWifi_secure
π How to Verify
Check if Vulnerable:
Check if FreeWifi_secure is enabled on affected Freebox devices. Use Wi-Fi sniffing tools to capture EAP-Response/Identity frames and check for plaintext IMSI in NAI.Check Version:
Access Freebox admin interface > System > Information to check firmware versionVerify Fix Applied:
Verify FreeWifi_secure service is disabled in device settings. Confirm no EAP-SIM authentication traffic is broadcast from the device.π‘ Detection & Monitoring
Log Indicators:
- EAP-SIM authentication attempts
- FreeWifi_secure service activity logs
Network Indicators:
- EAP-Response/Identity frames containing plaintext IMSI in NAI
- 802.1X authentication traffic on FreeWifi_secure SSID
SIEM Query:
source="freebox" AND (event_type="eap_auth" OR ssid="FreeWifi_secure")