CVE-2025-0980
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-07

Last updated on: 2026-01-08

Assigner: Nokia

Description
Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-01-08
Generated
2026-05-07
AI Q&A
2026-01-07
EPSS Evaluated
2026-05-05
NVD
CVE-2025-0980
EUVD
EUVD-2026-1228
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nokia sr_linux to 24.10.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an authentication bypass in Nokia SR Linux's JSON-RPC service. Due to improper access control and invalid validation, unauthorized users can access the JSON-RPC interface without providing valid authentication credentials. It affects SR Linux versions earlier than 23.10.6 and 24.10.2 on certain Nokia hardware platforms. [1]


How can this vulnerability impact me? :

Exploiting this vulnerability can allow unauthorized local users with high privileges to access the JSON-RPC service, potentially compromising confidentiality, integrity, and availability of the system. This could lead to unauthorized actions or data exposure on affected Nokia SR Linux devices. [1]


What immediate steps should I take to mitigate this vulnerability?

Apply the fixes provided in SR Linux versions 23.10.6, 24.10.2, or later to mitigate the authentication bypass vulnerability in the JSON-RPC service. [1]


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart