CVE-2025-27023

Published Jul 2, 2025

Last updated 15 days ago

CVSS medium 6.5

Overview

Description
Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI commands. Details: The web interface based management of the Infinera G42 appliance enables the feature of executing a restricted set of commands. This feature also offers the option to execute a script-file already present on the target device. When a non-script or incorrect file is specified, the content of the file is shown along with an error message. Due to an execution of the http service with a privileged user all files on the file system can be viewed this way.
Source
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
CWE-20

Social media

Hype score
Not currently trending

  1. CVE-2025-27023 Lack or insufficent input validation in WebGUI CLI web in Infinera G42 version R6.1.3 allows remote authenticated users to read all OS files via crafted CLI command… https://t.co/JLZvuxGgdn

    @CVEnew

    2 Jul 2025

    479 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.