CVE-2025-10258

6.3 MEDIUM

📋 TL;DR

Infinera DNA is vulnerable to time-based (blind) SQL injection due to insufficient input validation, allowing attackers to extract sensitive information from the backing database by injecting time-delay expressions into SQL queries and inferring data from the response latency. This affects organizations using vulnerable versions of the Infinera DNA network management software.

💻 Affected Systems

Products:
  • Infinera DNA
Versions: Specific versions not disclosed in available advisory
Operating Systems: Unknown
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the DNA network management software; exact affected versions not specified in public advisory.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to exposure of all stored sensitive data, including credentials, network configurations, and customer information.

🟠 Likely Case

Extraction of specific sensitive information through blind SQL injection techniques, potentially enabling further attacks.

🟢 If Mitigated

Limited information leakage if proper input validation and database permissions are enforced.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Time-based SQL injection requires specialized tools and knowledge; exploitation depends on application authentication requirements.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in public advisory

Vendor Advisory: https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-10258/

Restart Required: Yes

Instructions:

1. Contact Infinera support for patch availability
2. Apply recommended security updates
3. Restart affected services
4. Verify fix implementation

🔧 Temporary Workarounds

Input Validation Enhancement


Implement strict input validation and parameterized queries for all user inputs

Network Segmentation


Restrict network access to Infinera DNA management interfaces

🧯 If You Can't Patch

  • Implement web application firewall with SQL injection rules
  • Restrict database user permissions to minimum required access

🔍 How to Verify

Check if Vulnerable:

Check Infinera DNA version against vendor advisory; test for SQL injection vulnerabilities using authorized penetration testing tools.

Check Version:

Check Infinera DNA administration interface or contact vendor for version information

Verify Fix Applied:

Verify patch installation through version check and conduct authorized security testing to confirm SQL injection is no longer exploitable.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database query patterns
  • Repeated requests with SQL-like syntax
  • Abnormal response timing patterns

Network Indicators:

  • Multiple requests with SQL injection payloads
  • Unusual traffic to database ports from web servers

SIEM Query:

source="web_logs" AND (message="*sleep(*" OR message="*waitfor*" OR message="*benchmark(*" OR message="*pg_sleep(*")
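The log indicators above (SQL-like syntax in requests, repeated payloads, abnormal response timing) combined into one detection pass over web access logs, as an added example that is not part of the original advisory or any vendor tooling. It assumes a simplified log format with a trailing response-time field in milliseconds; the sample lines are constructed, and the time-delay functions matched are the same ones the SIEM query keys on.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (assumed format: client_ip, request line,
# status, response time in ms). Not captured from any real Infinera DNA system.
SAMPLE_LOGS = """\
10.0.0.5 "GET /dna/nodes?id=17 HTTP/1.1" 200 42
10.0.0.9 "GET /dna/nodes?id=17%20AND%20SLEEP(5) HTTP/1.1" 200 5031
10.0.0.9 "GET /dna/nodes?id=17%27%3B%20WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1" 500 5012
10.0.0.9 "GET /dna/nodes?id=17%20AND%20pg_sleep(5) HTTP/1.1" 200 5008
10.0.0.7 "GET /dna/reports?range=30d HTTP/1.1" 200 6100
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<ms>\d+)$'
)

# Time-delay functions from the SIEM query, matched case-insensitively after
# URL-decoding so percent-encoded payloads do not slip past the check.
TIME_FUNCS = re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.IGNORECASE)


def parse_log(text):
    """Yield one dict per well-formed line; lines not matching the assumed format are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["status"], rec["ms"] = int(rec["status"]), int(rec["ms"])
            rec["path"] = unquote_plus(rec["path"])  # decode before pattern matching
            yield rec


def detect(text, slow_ms=3000, min_hits=2):
    """Return {ip: {"payload_hits": n, "slow_hits": n}} for source IPs worth triaging.

    payload_hits counts requests carrying a time-delay function; slow_hits counts
    those that also exceeded slow_ms (the timing side-channel actually firing).
    A slow request without a payload is not enough on its own to be reported.
    """
    per_ip = defaultdict(lambda: {"payload_hits": 0, "slow_hits": 0})
    for rec in parse_log(text):
        if TIME_FUNCS.search(rec["path"]):
            per_ip[rec["ip"]]["payload_hits"] += 1
            if rec["ms"] >= slow_ms:
                per_ip[rec["ip"]]["slow_hits"] += 1
    return {ip: c for ip, c in per_ip.items() if c["payload_hits"] >= min_hits}
```

Tune `slow_ms` to the normal latency of the management interface; a high `slow_hits` relative to `payload_hits` is the strongest signal that the injection is actually executing rather than being rejected.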
