CVE-2025-27026

Published Jul 2, 2025

Last updated 15 days ago

CVSS medium 4.9

Overview

Description
A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. The CLI deactivation via the WebGUI does not only stop CLI interface but deactivates also Linux Shell, WebGUI and Physical Serial Console access. No confirmation is asked at deactivation time. Loosing access to these services device administrators are at risk of completely loosing device control.
Source
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.9
Impact score
3.6
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

a6d3dc9e-0591-4a13-bce7-0f5b31ff6158
CWE-1220

Social media

Hype score
Not currently trending

  1. CVE-2025-27026 A missing double-check feature in the WebGUI for CLI deactivation in Infinera G42 version R6.1.3 allows an authenticated administrator to make other management inte… https://t.co/DNnzwuZOns

    @CVEnew

    2 Jul 2025

    435 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.