CVE-2025-10262
Awaiting Analysis Awaiting Analysis - Queue

Local Privilege Escalation in Nokia SR Linux

Vulnerability report for CVE-2025-10262, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Nokia

Description

Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nokia sr_linux to 25.7.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-134 The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-10262 is a local privilege escalation vulnerability in Nokia SR Linux caused by unsanitized format validation. This means that the software does not properly check or clean certain input formats, which can be exploited by an authenticated user.

Successful exploitation allows the attacker to execute arbitrary commands with superuser (root) privileges, giving them full control over the affected system.

The vulnerability affects all SR Linux versions prior to 23.10.8, 24.10.6, and 25.7.2, and impacts hardware platforms including 7215 IXS, 7220 IXR, 7250 IXR, and 7730 SXR.

Impact Analysis

This vulnerability can have serious impacts because it allows an authenticated user to escalate their privileges to superuser level.

  • An attacker with lower-level access could gain full control over the system.
  • They could execute arbitrary commands, potentially leading to data theft, system disruption, or further compromise.
  • It could affect the integrity, confidentiality, and availability of the affected systems.
Detection Guidance

Detection of this vulnerability involves verifying the version of Nokia SR Linux running on your systems, as the vulnerability affects all SR Linux versions prior to 23.10.8, 24.10.6, and 25.7.2.

You can check the SR Linux version by running the following command on the device:

  • show version

If the version is older than the fixed versions mentioned, the system is vulnerable.

Mitigation Strategies

To mitigate this vulnerability, immediately upgrade your Nokia SR Linux devices to one of the fixed versions: 23.10.8, 24.10.6, 25.7.2, or later.

Ensure that only authenticated and authorized users have access to the system to reduce the risk of exploitation.

Monitor for any unusual activity that could indicate attempts to exploit this local privilege escalation vulnerability.

Compliance Impact

The provided information does not specify how the local privilege escalation vulnerability in Nokia SR Linux impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10262. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart