CVE-2025-27024
CVE-2025-27024 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Unrestricted access to the OS file system in the SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Accounts that are members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permissions instead of remaining confined to the chrooted directory. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
Unrestricted access to the OS file system in the SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Accounts that are members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permissions instead of remaining confined to the chrooted directory.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nokia | G42 Firmware | >= 6.1.3, < 8.0 |
References
- https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27024 (Third Party Advisory)
- https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27024 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
