Description
File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. The web application allows arbitrary files to be included in a file that was downloadable and executable by the web server.
References (1)
Core 1
Core References
Scores
CVSS v3
9.0
EPSS
0.0023
EPSS Percentile
13.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-98
Status
published
Products (3)
nokia/wavesuite_noc
23.6
nokia/wavesuite_noc
23.12
nokia/wavesuite_noc
24.6
Published
Jul 21, 2025
Tracked Since
Feb 18, 2026