CVE-2025-0980
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-07

Last updated on: 2026-01-08

Assigner: Nokia

Description
Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-01-08
Generated
2026-06-16
AI Q&A
2026-01-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-0980
EUVD
EUVD-2026-1228
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nokia sr_linux to 24.10.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an authentication bypass in Nokia SR Linux's JSON-RPC service. Due to improper access control and invalid validation, unauthorized users can access the JSON-RPC interface without providing valid authentication credentials. It affects SR Linux versions earlier than 23.10.6 and 24.10.2 on certain Nokia hardware platforms. [1]

Impact Analysis

Exploiting this vulnerability can allow unauthorized local users with high privileges to access the JSON-RPC service, potentially compromising confidentiality, integrity, and availability of the system. This could lead to unauthorized actions or data exposure on affected Nokia SR Linux devices. [1]

Mitigation Strategies

Apply the fixes provided in SR Linux versions 23.10.6, 24.10.2, or later to mitigate the authentication bypass vulnerability in the JSON-RPC service. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-0980. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart