CVE-2025-9974
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-02-02

Last updated on: 2026-02-03

Assigner: Nokia

Description
The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitrary commands on the underlying ONT/Beacon operating system, potentially impacting the confidentiality, integrity, and availability of the device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-02
Last Modified
2026-02-03
Generated
2026-06-16
AI Q&A
2026-02-02
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9974
EUVD
EUVD-2025-206613
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
nokia beacon to BBDR2503 (exc)
nokia ont to BBDR2503 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9974 is an authenticated OS command injection vulnerability in the unified WEBUI application of Nokia ONT/Beacon devices. It occurs because the application does not properly validate user-supplied input, allowing a low-privileged authenticated user to execute arbitrary system-level commands on the device's operating system. This means an attacker with limited access can run commands that were not intended, potentially compromising the device. [1]

Impact Analysis

This vulnerability can impact you by compromising the confidentiality, integrity, and availability of the affected Nokia ONT/Beacon devices. An attacker exploiting this flaw could execute arbitrary commands on the device, potentially leading to unauthorized access to sensitive information, modification or deletion of data, and disruption or denial of device services. [1]

Mitigation Strategies

To mitigate this vulnerability, update the firmware of your Nokia Beacon and ONT devices to version BBDR2503 or later, as this release contains the fix for the issue. Additionally, contact Nokia support for further assistance if needed. [1]

Compliance Impact

The vulnerability allows low-privileged authenticated users to execute arbitrary system-level commands, potentially compromising the confidentiality, integrity, and availability of the device. Such compromises can lead to violations of common standards and regulations like GDPR and HIPAA, which require protection of data confidentiality and integrity. Therefore, this vulnerability may negatively impact compliance with these regulations if exploited. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9974. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart