Executive Summary

CVE-2025-9912 is a local privilege escalation vulnerability in Nokia SR Linux. It allows an authenticated user to execute arbitrary commands with superuser privileges.

This means that someone who already has access to the system with limited permissions can exploit this vulnerability to gain full administrative control.

Useful 0 Not Useful 0

Impact Analysis

Exploitation of this vulnerability can lead to an authenticated user gaining superuser privileges, which allows them to execute any command on the affected system.

• Complete control over the system by unauthorized users.
• Potential compromise of confidentiality, integrity, and availability of data and services.
• Increased risk of further attacks or system misuse.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate the local privilege escalation vulnerability in Nokia SR Linux, you should upgrade your SR Linux systems to one of the fixed versions: 23.10.8, 24.10.6, 25.7.2, or later.

Ensure that only authenticated and authorized users have access to the system to reduce the risk of exploitation.

Verify that your hardware platforms, including 7215 IXS, 7220 IXR, 7250 IXR, and 7730 SXR, are running the updated software versions.

Useful 0 Not Useful 0