CVE-2025-24937
BaseFortify
Publication date: 2025-07-21
Last updated on: 2025-08-11
Assigner: Nokia
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nokia | wavesuite_noc | 23.6 |
| nokia | wavesuite_noc | 23.12 |
| nokia | wavesuite_noc | 24.6 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-24937 is a critical file inclusion vulnerability in Nokia's WaveSuite NOC products that allows an attacker to read arbitrary files from the local file system and insert malicious code into those files. This can lead to a full compromise of the affected web application and the container it runs on. The vulnerability is accessible over the network and can be exploited by attackers from the Internet. [1]
How can this vulnerability impact me? :
This vulnerability can lead to severe impacts including unauthorized disclosure of sensitive files, insertion of malicious code, and complete compromise of the web application and its container environment. This means attackers could gain control over the application and potentially the underlying system, leading to data breaches, service disruption, and further exploitation. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update your Nokia WaveSuite NOC products to version 24.6 FP3 or later, where the fix has been implemented. This will address the file inclusion flaw and prevent attackers from reading arbitrary files or inserting malicious code. [1]