CVE-2025-0980
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-0980, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-07

Last updated on: 2026-01-08

Assigner: Nokia

Description

Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-07
Last Modified
2026-01-08
Generated
2026-07-06
AI Q&A
2026-01-07
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nokia sr_linux to 24.10.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an authentication bypass in Nokia SR Linux's JSON-RPC service. Due to improper access control and invalid validation, unauthorized users can access the JSON-RPC interface without providing valid authentication credentials. It affects SR Linux versions earlier than 23.10.6 and 24.10.2 on certain Nokia hardware platforms. [1]

Impact Analysis

Exploiting this vulnerability can allow unauthorized local users with high privileges to access the JSON-RPC service, potentially compromising confidentiality, integrity, and availability of the system. This could lead to unauthorized actions or data exposure on affected Nokia SR Linux devices. [1]

Mitigation Strategies

Apply the fixes provided in SR Linux versions 23.10.6, 24.10.2, or later to mitigate the authentication bypass vulnerability in the JSON-RPC service. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-0980. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart