CVE-2025-24936

Critical CVSS: 9.0

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet.

An attacker with low privileged access to the application has the potential to execute commands on the operating system under the context of the webserver.

Vendor

Nokia

Product

Wavesuite Noc

CWE

CWE-78

Yayın Tarihi

2025-07-21 07:15:23

Güncelleme

2025-08-11 14:52:51

Source Identifier

b48c3b8f-639e-4c16-8725-497bc411dad0

KEV Date Added

Kategoriler

CWE-78 Wavesuite Noc CRITICAL Nokia 2025

Referanslar

https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24936/

Benzer Kayıtlar

High

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote a…

Low

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, u…

Medium

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

High

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL…

High

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

Medium

CVE-2025-10258

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may r…