CVE-2025-27023
BaseFortify
Publication date: 2025-07-02
Last updated on: 2026-02-11
Assigner: ENISA
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nokia | g42_firmware | From 6.1.3 (inc) to 7.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to lack or insufficient input validation in the WebGUI CLI web interface of the Infinera G42 version R6.1.3. It allows remote authenticated users to read all operating system files by using specially crafted CLI commands. The web interface allows execution of a restricted set of commands and scripts, but when a non-script or incorrect file is specified, the file's content is displayed along with an error message. Because the HTTP service runs with privileged user rights, this flaw enables viewing of all files on the system.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a remote authenticated user to read any file on the operating system of the affected device. This could lead to exposure of sensitive information, configuration files, or credentials stored on the system, potentially compromising the security and confidentiality of the device and network it is part of.