CVE-2025-24938

High CVSS: 8.4

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the potential execute commands on the operating system under the context of the webserver.

The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. Has the potential to inject command while creating a new User from User Management.

Vendor

Nokia

Product

Wavesuite Noc

CWE

CWE-78

Yayın Tarihi

2025-07-21 07:15:24

Güncelleme

2025-08-11 14:52:40

Source Identifier

b48c3b8f-639e-4c16-8725-497bc411dad0

KEV Date Added

Kategoriler

CWE-78 Wavesuite Noc HIGH Nokia 2025

Referanslar

https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24938/

Benzer Kayıtlar

High

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote a…

Low

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, u…

Medium

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

High

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL…

High

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

Medium

CVE-2025-10258

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may r…