CVE-2025-27022
Published: 02 July 2025
Summary
CVE-2025-27022 is a high-severity Path Traversal (CWE-22) vulnerability in Nokia G42 Firmware. Its CVSS base score is 7.5 (High).
Operationally, it ranks at the 44.2 percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-19697
- 🇪🇺 ENISA: euvd.enisa.europa.eu
Vulnerability details
A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack of or insufficient validation of user-supplied input allows authenticated users to access all files on the target machine file system that are readable to the user account used to run the httpd service.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Validates pathnames and filenames to prevent traversal outside intended directories.