CVE-2025-27024
BaseFortify
Publication date: 2025-07-02
Last updated on: 2026-02-11
Assigner: ENISA
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nokia | g42_firmware | From 6.1.3 (inc) to 8.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-280 | The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability allows remote authenticated users with Network Administrator profile credentials to access the operating system's file system via the SFTP service on Infinera G42 version R6.1.3. Instead of being restricted to a chrooted directory, these users can read and write OS files according to the OS permissions, effectively bypassing intended directory restrictions.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access and modification of critical operating system files by remote authenticated users. This could compromise system integrity, lead to data leakage, or allow attackers to manipulate system files, potentially causing operational disruptions or further security breaches.