CVE-2025-9912
Awaiting Analysis Awaiting Analysis - Queue

Privilege Escalation in Nokia SR Linux

Vulnerability report for CVE-2025-9912, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-16

Last updated on: 2026-06-16

Assigner: Nokia

Description

Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-16
Last Modified
2026-06-16
Generated
2026-07-06
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nokia sr_linux to 23.10.8|end_excluding=24.10.6|end_excluding=25.7.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-269 The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-9912 is a local privilege escalation vulnerability in Nokia SR Linux. It allows an authenticated user to execute arbitrary commands with superuser privileges.

This means that someone who already has access to the system with limited permissions can exploit this vulnerability to gain full administrative control.

Impact Analysis

Exploitation of this vulnerability can lead to an authenticated user gaining superuser privileges, which allows them to execute any command on the affected system.

  • Complete control over the system by unauthorized users.
  • Potential compromise of confidentiality, integrity, and availability of data and services.
  • Increased risk of further attacks or system misuse.
Mitigation Strategies

To mitigate the local privilege escalation vulnerability in Nokia SR Linux, you should upgrade your SR Linux systems to one of the fixed versions: 23.10.8, 24.10.6, 25.7.2, or later.

Ensure that only authenticated and authorized users have access to the system to reduce the risk of exploitation.

Verify that your hardware platforms, including 7215 IXS, 7220 IXR, 7250 IXR, and 7730 SXR, are running the updated software versions.

Compliance Impact

The vulnerability allows an authenticated user to execute arbitrary commands with superuser privileges, which can lead to unauthorized access and potential compromise of system confidentiality, integrity, and availability.

Such a security weakness could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of sensitive data and strict access controls to prevent unauthorized privilege escalation.

However, the provided information does not explicitly state the direct effects on compliance with these regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9912. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart