Security researchers have uncovered three critical vulnerabilities in Extreme Networks’ IQ Engine (HiveOS) that collectively enable authenticated attackers to escalate privileges, decrypt passwords, and execute arbitrary commands on affected systems.
The flaws—tracked as CVE-2025-27229, CVE-2025-27228, and CVE-2025-27227—were disclosed through coordinated efforts led by Lukas Schauer of Bonn-Rhein-Sieg University of Applied Sciences, prompting Extreme Networks to release patched firmware (version 10.7r5).
https://cybersecuritynews.com/hiveos-arbitrary-command/