Login Sign Up

CVE-2025-24936

9.0 CRITICAL
Remote Code Execution

📋 TL;DR

This vulnerability allows remote command injection in a web application, enabling attackers to execute arbitrary operating system commands with web server privileges. Any internet-facing system running the affected software is vulnerable to exploitation from anywhere on the internet.

💻 Affected Systems

Products:
  • Nokia web application components
Versions: Specific versions not detailed in advisory
Operating Systems: All platforms running affected software
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in web application components that process user input

📦 What is this software?

Wavesuite Noc by Nokia

View all CVEs affecting Wavesuite Noc →

Wavesuite Noc by Nokia

View all CVEs affecting Wavesuite Noc →

Wavesuite Noc by Nokia

View all CVEs affecting Wavesuite Noc →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise leading to data theft, ransomware deployment, or complete server takeover

🟠

Likely Case

Web server compromise allowing data exfiltration, lateral movement, or backdoor installation

🟢

If Mitigated

Limited impact with proper input validation and command sanitization in place

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires low-privileged access to the application interface

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched versions

Vendor Advisory: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24936/

Restart Required: Yes

Instructions:

1. Review Nokia security advisory 2. Apply recommended patches 3. Restart affected services 4. Verify fix implementation

🔧 Temporary Workarounds

Input Validation Filter

all

Implement strict input validation to reject suspicious characters

# Implement in application code: validate user input against whitelist patterns

Command Sanitization

all

Sanitize all user input before passing to system commands

# Use parameterized commands or safe APIs instead of shell execution

🧯 If You Can't Patch

  • Implement web application firewall with command injection rules
  • Restrict network access to vulnerable systems using firewall rules

🔍 How to Verify

Check if Vulnerable:

Test application with controlled command injection payloads in safe environment

Check Version:

# Check application version against patched versions in advisory

Verify Fix Applied:

Verify input validation prevents command execution and check patch version

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution patterns
  • Suspicious system commands from web process

Network Indicators:

  • Unexpected outbound connections from web server
  • Command and control traffic patterns

SIEM Query:

source="web_logs" AND (command="cmd.exe" OR command="/bin/sh" OR command="powershell")

📊 Metadata

CVE ID: CVE-2025-24936
CVSS v3 Score: 9.0 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE: CWE-78
EPSS Score: 0.05% exploit probability (13.9th percentile)
Published: July 21, 2025
Last Updated: August 11, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-24936, you might also want to check these:

CVE-2023-2564 10.0

This CVE describes an OS command injection vulnerability in scanservjs web scanning software that al...

Same vulnerability type (CWE-78)
CVE-2024-58338 10.0

Anevia Flamingo XL 3.2.9 contains a restricted shell escape vulnerability that allows remote attacke...

Same vulnerability type (CWE-78)
CVE-2025-26389 10.0

This critical vulnerability allows unauthenticated remote attackers to execute arbitrary code with r...

Same vulnerability type (CWE-78)