CVE-2025-27022

High CVSS: 7.5

A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3
allows remote authenticated users to download all OS files via HTTP
requests.

Details:

Lack or insufficient validation of user-supplied input allows
authenticated users to access all files on the target machine file
system that are readable to the user account used to run the httpd
service.

Vendor

Nokia

Product

G42 Firmware

CWE

CWE-22

Yayın Tarihi

2025-07-02 09:15:25

Güncelleme

2026-02-11 21:31:52

Source Identifier

a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

KEV Date Added

Kategoriler

CWE-22 G42 Firmware HIGH Nokia 2025

Referanslar

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27022 https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27022

Benzer Kayıtlar

High

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote a…

Low

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, u…

Medium

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

High

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL…

High

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

Medium

CVE-2025-10258

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may r…