Description

Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position.

INFO

Published Date :

2025-07-02T09:38:32.141Z

Last Modified :

2025-07-02T13:07:51.401Z

Source :

ENISA
AFFECTED PRODUCTS

The following products are affected by CVE-2025-27024 vulnerability.

Vendors Products
Nokia
  • G42
  • G42 Firmware
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-27024.

URL Resource
https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27024 cve-icon cve-icon
https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27024 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact