Cyber Resilience

CVE-2025-9974

Severity: High

Published: 02 February 2026

Modified: 15 April 2026
KEV Added:
Patch:
CVSS Score (v3.1): 8.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (6.0th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-9974 is a high-severity OS Command Injection (CWE-78) vulnerability in a Nokia product (vendor inferred from references). Its CVSS v3.1 base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks it at the 6.0th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-9974 affects the unified WEBUI application in ONT/Beacon devices, where an input handling flaw (CWE-78) allows authenticated users to trigger unintended system-level command execution. The issue stems from insufficient validation of user-supplied data, enabling arbitrary command injection on the underlying ONT/Beacon operating system. Published on 2026-02-02, it carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

A low-privileged authenticated attacker with adjacent network access (AV:A) can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows execution of arbitrary commands on the device OS, potentially leading to high impacts on confidentiality, integrity, and availability.

Mitigation details are available in the Nokia product security advisory at https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-9974/.


Vulnerability details

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitrary commands on the underlying ONT/Beacon operating system, potentially impacting the confidentiality, integrity, and availability of the device.

CWE(s)

CWE-78: OS Command Injection

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned mapping)

T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1059.004 Unix Shell (Execution): adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

CWE-78 command injection in the web UI directly enables OS command execution on the device (T1059.004, Unix Shell) once an authenticated user reaches the network-exposed application (T1190). Note that the CVSS vector rates the attack vector as Adjacent (AV:A), so the T1190 mapping applies where the WEBUI is reachable from the attacker's network segment rather than from the open Internet.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-42454 (shared CWE-78)
CVE-2026-34796 (shared CWE-78)
CVE-2024-57016 (shared CWE-78)
CVE-2025-50475 (shared CWE-78)
CVE-2024-57015 (shared CWE-78)
CVE-2026-36828 (shared CWE-78)
CVE-2024-57595 (shared CWE-78)
CVE-2026-25196 (shared CWE-78)
CVE-2024-50566 (shared CWE-78)
CVE-2026-23592 (shared CWE-78)

Affected Assets

Nokia (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5, AI-assigned)

SI-10 Information Input Validation (prevent): directly mandates validation of user-supplied inputs in the WEBUI to prevent command injection arising from insufficient data validation.

SI-2 Flaw Remediation (prevent): requires identification, reporting, and correction of the specific input handling flaw that enables arbitrary OS command execution on the ONT/Beacon device.

Least privilege (prevent; the control identifier is not given on the page, and the description corresponds to AC-6 Least Privilege): enforces least privilege to limit the impact of arbitrary command execution by low-privileged authenticated users on the underlying operating system.
