CVE-2025-27026

MEDIUM

Infinera G42 R6.1.3 - Privilege Escalation

Title source: llm

Description

A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but deactivates also Linux Shell, WebGUI and Physical Serial Console access. No confirmation is asked at deactivation time. Loosing access to these services device administrators are at risk of completely loosing device control.

References (2)

[Third Party Advisory] https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27026

[Third Party Advisory] https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27026

Scores

CVSS v3 4.9

EPSS 0.0027

EPSS Percentile 50.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1220

Status published

Products (1)

nokia/g42_firmware 6.1.3 - 8.0

Published Jul 02, 2025

Tracked Since Feb 18, 2026