CVE-2025-27024

Medium CVSS: 6.5

Unrestricted access to OS file system in SFTP service in Infinera G42
version R6.1.3 allows remote authenticated users to read/write OS files
via SFTP connections.

Details: Account members of the Network Administrator profile can access the
target machine via SFTP with the same credentials used for SSH CLI
access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position.

Vendor

Nokia

Product

G42 Firmware

CWE

CWE-280

Yayın Tarihi

2025-07-02 10:15:22

Güncelleme

2026-02-11 21:28:14

Source Identifier

a6d3dc9e-0591-4a13-bce7-0f5b31ff6158

KEV Date Added

Kategoriler

CWE-280 G42 Firmware MEDIUM Nokia 2025

Referanslar

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27024 https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27024

Benzer Kayıtlar

High

CVE-2021-35486

A Cross-Site Request Forgery (CSRF) vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote a…

Low

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23_FP1. In Impact DM 19.11 onwards, a remote authenticated user, u…

Medium

CVE-2021-35483

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

High

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL…

High

CVE-2021-35485

The Applications component of Nokia IMPACT version through 19.11.2.10-20210118042150283 allows an authenticated user to…

Medium

CVE-2025-10258

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may r…