CVE-2025-0980

6.4 MEDIUM

📋 TL;DR

Nokia SR Linux has an authentication bypass vulnerability in its JSON-RPC service that allows attackers to access the service without valid credentials. This affects all organizations running vulnerable versions of the Nokia SR Linux network operating system. The vulnerability stems from improper validation of authentication mechanisms.

💻 Affected Systems

Products:
  • Nokia SR Linux
Versions: All versions prior to the fixed release
Operating Systems: SR Linux network operating system
Default Config Vulnerable: ⚠️ Yes
Notes: Affects systems with JSON-RPC service enabled, which is typically enabled by default for management purposes.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of network device allowing configuration changes, traffic interception, credential harvesting, and lateral movement to other network segments.

🟠 Likely Case

Unauthorized access to device management interface leading to configuration changes, service disruption, and potential data exfiltration.

🟢 If Mitigated

Limited impact if JSON-RPC service is not exposed to untrusted networks and proper network segmentation is in place.

🌐 Internet-Facing: HIGH - If JSON-RPC service is exposed to the internet, attackers can directly exploit this without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to gain unauthorized access to network devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability allows unauthenticated access, making exploitation straightforward once the service endpoint is identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Nokia security advisory for specific fixed versions

Vendor Advisory: https://www.nokia.com/we-are-nokia/security/product-security-advisory/CVE-2025-0980/

Restart Required: Yes

Instructions:

  1. Review Nokia security advisory for specific fixed versions.
  2. Download and apply the appropriate patch from Nokia support portal.
  3. Restart affected SR Linux devices.
  4. Verify the fix by testing authentication requirements.

🔧 Temporary Workarounds

Disable JSON-RPC Service

linux

Temporarily disable the vulnerable JSON-RPC service if not required for operations

# SR Linux CLI commands to disable the JSON-RPC server (run in candidate mode)
# enter candidate
# set / system json-rpc-server admin-state disable
# commit now

Network Access Control

all

Restrict network access to JSON-RPC service using firewall rules

# Example iptables rule to restrict access
# iptables -A INPUT -p tcp --dport <json-rpc-port> -s <trusted-networks> -j ACCEPT
# iptables -A INPUT -p tcp --dport <json-rpc-port> -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate SR Linux management interfaces from untrusted networks
  • Enable additional authentication layers and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Attempt to access JSON-RPC service without authentication. If access is granted, the system is vulnerable.

Check Version:

# SR Linux CLI command
# show version

Verify Fix Applied:

Attempt to access the JSON-RPC service without authentication. Access should be denied until valid credentials are supplied.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated JSON-RPC access attempts
  • Failed authentication logs followed by successful JSON-RPC operations
  • Unexpected configuration changes via JSON-RPC

Network Indicators:

  • Unusual JSON-RPC traffic from unauthorized sources
  • JSON-RPC requests without authentication headers

SIEM Query:

source="SR-Linux" AND ((event_type="json-rpc-access" AND auth_status="none") OR (event_type="config-change" AND user="unknown"))
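
The log indicators listed above can be checked with a small correlation pass over parsed events. This is an added example, not part of the original advisory or any Nokia tooling; the event schema is constructed: `event_type`, `auth_status` and `user` follow the SIEM query on this page, while `ts`, `src_ip`, the `auth-failure` event type and the two-minute window are assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real SR Linux log output). Field order:
# ts, src_ip, event_type, auth_status, user. ts/src_ip/"auth-failure" are assumed names.
FIELDS = ("ts", "src_ip", "event_type", "auth_status", "user")
SAMPLE_EVENTS = [dict(zip(FIELDS, row)) for row in [
    ("2025-02-10T09:00:00", "10.0.0.5", "json-rpc-access", "success", "admin"),
    ("2025-02-10T09:05:00", "192.0.2.44", "auth-failure", "failed", "unknown"),
    ("2025-02-10T09:05:20", "192.0.2.44", "json-rpc-access", "success", "unknown"),
    ("2025-02-10T09:06:00", "192.0.2.44", "config-change", "none", "unknown"),
    ("2025-02-10T09:30:00", "198.51.100.7", "json-rpc-access", "none", "unknown"),
    # Failure followed by a success 30 minutes later: outside the window, no finding.
    ("2025-02-10T11:00:00", "10.0.0.9", "auth-failure", "failed", "oper"),
    ("2025-02-10T11:30:00", "10.0.0.9", "json-rpc-access", "success", "oper"),
]]


def detect(events, window=timedelta(minutes=2)):
    """Return (rule, src_ip, ts) findings for the three log indicators."""
    findings = []
    last_failure = {}  # src_ip -> time of the most recent failed authentication
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        ip, kind = ev["src_ip"], ev["event_type"]
        if kind == "auth-failure":
            last_failure[ip] = ts
        elif kind == "json-rpc-access":
            if ev["auth_status"] == "none":
                # Indicator 1: JSON-RPC access recorded with no authentication.
                findings.append(("unauthenticated-access", ip, ev["ts"]))
            elif ip in last_failure and ts - last_failure[ip] <= window:
                # Indicator 2: failed authentication followed by a successful operation.
                findings.append(("success-after-failure", ip, ev["ts"]))
        elif kind == "config-change" and ev["user"] == "unknown":
            # Indicator 3: configuration change not attributable to a known user.
            findings.append(("unattributed-config-change", ip, ev["ts"]))
    return findings


if __name__ == "__main__":
    for rule, ip, ts in detect(SAMPLE_EVENTS):
        print(f"{ts} {ip} {rule}")
```

Tune the window and the field mapping to whatever your log pipeline actually emits for the JSON-RPC server before relying on the results.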
