CVE-2025-27022

7.5 HIGH

📋 TL;DR

A path traversal vulnerability in Infinera G42's WebGUI HTTP endpoint allows authenticated remote users to download any readable files from the operating system. This affects Infinera G42 version R6.1.3 installations with the WebGUI exposed.

💻 Affected Systems

Products:
  • Infinera G42
Versions: R6.1.3
Operating Systems: Not specified in CVE, likely embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WebGUI HTTP endpoint to be accessible and user authentication. The vulnerability exists in the WebGUI component specifically.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could exfiltrate sensitive system files, configuration files, credentials, or proprietary data, potentially leading to complete system compromise.

🟠 Likely Case

Authenticated users (including compromised accounts) access sensitive configuration files, logs, or system information they should not be able to read.

🟢 If Mitigated

Limited impact with proper network segmentation, strong authentication controls, and file system permissions restricting the httpd service account.

🌐 Internet-Facing: HIGH - WebGUI endpoints exposed to the internet would allow any authenticated attacker worldwide to exploit this vulnerability.
🏢 Internal Only: MEDIUM - Internal attackers or compromised accounts could still access sensitive files, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is technically simple once authentication is obtained. Path traversal vulnerabilities typically involve manipulating file paths in HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: Not provided in CVE references

Restart Required: No

Instructions:

1. Check Infinera's official security advisories for patch availability.
2. If patch exists, download and apply according to vendor instructions.
3. Verify the fix by testing the WebGUI endpoint.

🔧 Temporary Workarounds

Network Access Restriction (Linux)

Restrict network access to the WebGUI HTTP endpoint to only trusted IP addresses or networks.

Use firewall rules to limit access:

iptables -A INPUT -p tcp --dport [WEBGUI_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [WEBGUI_PORT] -j DROP

WebGUI Disablement (all platforms)

Disable the WebGUI HTTP endpoint if not required for operations.

Consult Infinera documentation for disabling WebGUI service

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Infinera G42 devices from untrusted networks
  • Enforce strong authentication policies and monitor for suspicious authentication attempts

🔍 How to Verify

Check if Vulnerable:

Test authenticated access to WebGUI endpoint with path traversal payloads (e.g., attempt to access /etc/passwd via manipulated URL parameters).

Check Version:

Check device version via WebGUI interface or CLI: show version (consult Infinera documentation for exact command)

Verify Fix Applied:

After applying vendor patch or workarounds, retest path traversal attempts to confirm they are blocked.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests with unusual file paths or directory traversal patterns (../, ..\) in WebGUI logs
  • Multiple failed authentication attempts followed by successful login and file access patterns

Network Indicators:

  • Unusual outbound data transfers from the Infinera device following WebGUI access
  • HTTP requests containing path traversal sequences to the WebGUI port

SIEM Query:

source="webgui_logs" AND (url="*../*" OR url="*..\*" OR url="*/etc/*" OR url="*/proc/*")
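
The wildcard query above matches only literal ../ and ..\ sequences, so percent-encoded or double-encoded requests pass it unnoticed. The following detector is an added example, not vendor or CVE-record code: it decodes each request target before matching and records whether the server answered with a 2xx status. The log layout (common log format), the /webgui/download path and the file parameter are assumptions, since the page does not document the WebGUI log format or the affected endpoint.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common log format (assumed layout).
# The /webgui/download path and "file" parameter are hypothetical.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Mar/2025:10:01:02 +0000] "GET /webgui/download?file=report.csv HTTP/1.1" 200 512
10.0.0.9 - oper1 [12/Mar/2025:10:02:10 +0000] "GET /webgui/download?file=../../../etc/passwd HTTP/1.1" 200 1843
10.0.0.9 - oper1 [12/Mar/2025:10:02:15 +0000] "GET /webgui/download?file=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 403 0
10.0.0.9 - oper1 [12/Mar/2025:10:02:21 +0000] "GET /webgui/download?file=%252e%252e%255c%252e%252e%255cproc%255cversion HTTP/1.1" 200 120
10.0.0.7 - admin [12/Mar/2025:10:05:00 +0000] "GET /webgui/docs/v1..2/notes.txt HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')
SENSITIVE = ("/etc/", "/proc/")  # prefixes named in the page's SIEM query

def normalise(target, rounds=3):
    """Percent-decode repeatedly (catches double encoding) and unify slashes."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")

def traversal_reasons(target):
    norm = normalise(target)
    # Split on path and query delimiters so ".." only counts as a whole segment.
    reasons = ["dotdot-segment"] if ".." in re.split(r"[/?&=]", norm) else []
    return reasons + [f"sensitive:{p}" for p in SENSITIVE if p in norm]

def scan(log_text):
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, user, target, status = m.groups()
        reasons = traversal_reasons(target)
        if reasons:
            hits.append({"src": src, "user": user, "status": int(status),
                         "served": status.startswith("2"), "reasons": reasons})
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Hits with served set to True are the ones to triage first, because the device returned content for a traversal-shaped request.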
