CVE-2025-27025 (GCVE-0-2025-27025)
Vulnerability from cvelistv5
Published
2025-07-02 09:52
Modified
2025-07-02 13:07
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-280 - Improper Handling of Insufficient Permissions or Privileges
Summary
The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root. Using Postman it is possible to perform a Directory Traversal attack and write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the same mechanism to read any file from the file system by using the GET method.
References
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27025
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27025
Impacted products
Vendor Product Version
Infinera G42 Version: 6.1.3   
Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-27025",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-02T13:02:39.066954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-02T13:07:42.554Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "G42",
          "vendor": "Infinera",
          "versions": [
            {
              "lessThan": "7.1",
              "status": "affected",
              "version": "6.1.3",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Agenzia per la Cybersicurezza Nazionale"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The target device exposes a service on a specific TCP port with a configured\n endpoint. The access to that endpoint is granted using a \u003cem\u003eBasic Authentication\u003c/em\u003e\n method. The endpoint accepts also the PUT method and it is possible to \nwrite files on the target device file system. Files are written as \u003cem\u003eroot\u003c/em\u003e.\n Using Postman it is possible to perform a Directory Traversal attack \nand write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the \nsame mechanism to read any file from the file system by using the GET \nmethod.\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "The target device exposes a service on a specific TCP port with a configured\n endpoint. The access to that endpoint is granted using a Basic Authentication\n method. The endpoint accepts also the PUT method and it is possible to \nwrite files on the target device file system. Files are written as root.\n Using Postman it is possible to perform a Directory Traversal attack \nand write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the \nsame mechanism to read any file from the file system by using the GET \nmethod."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-280",
              "description": "CWE-280: Improper Handling of Insufficient Permissions or Privileges",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-02T09:52:05.812Z",
        "orgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
        "shortName": "ENISA"
      },
      "references": [
        {
          "tags": [
            "government-resource"
          ],
          "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27025"
        },
        {
          "tags": [
            "vdb-entry"
          ],
          "url": "https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27025"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Improper File Access in Infinera G42",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a6d3dc9e-0591-4a13-bce7-0f5b31ff6158",
    "assignerShortName": "ENISA",
    "cveId": "CVE-2025-27025",
    "datePublished": "2025-07-02T09:52:05.812Z",
    "dateReserved": "2025-02-18T06:59:55.889Z",
    "dateUpdated": "2025-07-02T13:07:42.554Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-27025\",\"sourceIdentifier\":\"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\",\"published\":\"2025-07-02T10:15:22.880\",\"lastModified\":\"2025-07-03T15:13:53.147\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The target device exposes a service on a specific TCP port with a configured\\n endpoint. The access to that endpoint is granted using a Basic Authentication\\n method. The endpoint accepts also the PUT method and it is possible to \\nwrite files on the target device file system. Files are written as root.\\n Using Postman it is possible to perform a Directory Traversal attack \\nand write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the \\nsame mechanism to read any file from the file system by using the GET \\nmethod.\"},{\"lang\":\"es\",\"value\":\"El dispositivo objetivo expone un servicio en un puerto TCP espec\u00edfico con un endpoint configurado. El acceso a dicho endpoint se otorga mediante un m\u00e9todo de autenticaci\u00f3n b\u00e1sica. El endpoint tambi\u00e9n acepta el m\u00e9todo PUT y permite escribir archivos en el sistema de archivos del dispositivo objetivo. Los archivos se escriben como root. Con Postman, es posible realizar un ataque de Directory Traversal y escribir archivos en cualquier ubicaci\u00f3n del sistema de archivos del dispositivo. De forma similar al m\u00e9todo PUT, es posible utilizar el mismo mecanismo para leer cualquier archivo del sistema de archivos mediante el m\u00e9todo GET.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-280\"}]}],\"references\":[{\"url\":\"https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27025\",\"source\":\"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\"},{\"url\":\"https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27025\",\"source\":\"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27025\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-02T13:02:39.066954Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-02T13:06:41.865Z\"}}], \"cna\": {\"title\": \"Improper File Access in Infinera G42\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Agenzia per la Cybersicurezza Nazionale\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Infinera\", \"product\": \"G42\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.1.3\", \"lessThan\": \"7.1\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27025\", \"tags\": [\"government-resource\"]}, {\"url\": \"https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27025\", \"tags\": [\"vdb-entry\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The target device exposes a service on a specific TCP port with a configured\\n endpoint. The access to that endpoint is granted using a Basic Authentication\\n method. The endpoint accepts also the PUT method and it is possible to \\nwrite files on the target device file system. Files are written as root.\\n Using Postman it is possible to perform a Directory Traversal attack \\nand write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the \\nsame mechanism to read any file from the file system by using the GET \\nmethod.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The target device exposes a service on a specific TCP port with a configured\\n endpoint. The access to that endpoint is granted using a \u003cem\u003eBasic Authentication\u003c/em\u003e\\n method. The endpoint accepts also the PUT method and it is possible to \\nwrite files on the target device file system. Files are written as \u003cem\u003eroot\u003c/em\u003e.\\n Using Postman it is possible to perform a Directory Traversal attack \\nand write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the \\nsame mechanism to read any file from the file system by using the GET \\nmethod.\\n\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-280\", \"description\": \"CWE-280: Improper Handling of Insufficient Permissions or Privileges\"}]}], \"providerMetadata\": {\"orgId\": \"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\", \"shortName\": \"ENISA\", \"dateUpdated\": \"2025-07-02T09:52:05.812Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-27025\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-02T13:07:42.554Z\", \"dateReserved\": \"2025-02-18T06:59:55.889Z\", \"assignerOrgId\": \"a6d3dc9e-0591-4a13-bce7-0f5b31ff6158\", \"datePublished\": \"2025-07-02T09:52:05.812Z\", \"assignerShortName\": \"ENISA\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.