CVE-2025-27024

6.5 MEDIUM

📋 TL;DR

This vulnerability allows remote authenticated users with Network Administrator privileges in Infinera G42 version R6.1.3 to read and write arbitrary OS files via SFTP connections. The SFTP service fails to properly restrict users to chrooted directories, exposing the entire file system to authorized attackers.

💻 Affected Systems

Products:
  • Infinera G42
Versions: R6.1.3
Operating Systems: Not specified, likely embedded Linux-based OS
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects users with Network Administrator profile credentials. Requires SFTP service to be enabled and accessible.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise including theft of sensitive data, installation of persistent malware, credential harvesting, and disruption of network operations.

🟠

Likely Case

Unauthorized access to configuration files, logs, and sensitive system data leading to information disclosure and potential privilege escalation.

🟢

If Mitigated

Limited impact if proper network segmentation, least privilege access, and monitoring are in place to detect unusual SFTP activity.

🌐 Internet-Facing: HIGH if SFTP service is exposed to the internet, as authenticated attackers can access the entire file system.
🏢 Internal Only: MEDIUM to HIGH depending on internal network segmentation and access controls for Network Administrator accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid Network Administrator credentials and SFTP access. The vulnerability is straightforward to exploit once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in available references

Vendor Advisory: Not provided in references

Restart Required: No

Instructions:

1. Contact Infinera support for patch availability and guidance.
2. Monitor vendor security advisories for updates.
3. Apply the patch when available, following vendor instructions.

🔧 Temporary Workarounds

Disable SFTP Service

Temporarily disable SFTP service if not required for operations

# Check vendor documentation for SFTP disable procedure
# Typically involves service management commands

Restrict Network Access

Implement firewall rules to restrict SFTP access to trusted IP addresses only. The rules below assume SFTP is served over SSH on TCP port 22 and are meant for a Linux firewall in front of the device (or for the device itself, where the vendor exposes a shell); replace TRUSTED_IP with the management host or subnet. Because -A appends, an earlier ACCEPT rule for port 22 in the INPUT chain would still take precedence.

# Allow SSH/SFTP only from the trusted management address, then drop all other connections to the port
iptables -A INPUT -p tcp --dport 22 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Infinera G42 devices from untrusted networks
  • Enforce least privilege by reviewing and minimizing Network Administrator accounts, implementing multi-factor authentication, and monitoring SFTP access logs

🔍 How to Verify

Check if Vulnerable:

1. Verify the system is Infinera G42 version R6.1.3.
2. Test with Network Administrator credentials via an SFTP client to attempt access to files outside the expected directories (e.g., /etc/passwd).

Check Version:

# Check vendor documentation for version command
# Typically: show version or similar CLI command

Verify Fix Applied:

After applying vendor patch or workarounds, retest SFTP access to confirm chroot restrictions are properly enforced.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SFTP access patterns
  • SFTP connections accessing system directories like /etc, /var, /root
  • Multiple failed SFTP authentication attempts followed by successful access

Network Indicators:

  • SFTP connections from unexpected IP addresses
  • High volume of SFTP data transfer
  • SFTP sessions accessing non-standard directories

SIEM Query:

source="sftp_logs" AND (path="*/etc/*" OR path="*/root/*" OR path="*/var/*") AND (action="read" OR action="write")

The action clause must be parenthesized: without the parentheses the trailing OR binds loosely and the query matches every write event regardless of source or path. The source name and the path/action field names are placeholders; map them to the fields your SIEM actually extracts from the G42's SFTP logs.
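As an added example (not part of this advisory and not vendor code), the analyzer below applies the log indicators listed above to SFTP log lines offline. The Infinera G42's own log format is not documented here, so the line format is an assumption modelled on OpenSSH sshd and internal-sftp logging; the sample lines, the trusted-source list and the system-directory list are all constructed. It flags three of the indicators: access to system directories a chrooted user should never reach, sessions from addresses outside the management allow-list, and a successful login that follows repeated failures for the same user and source.

```python
import re
from collections import defaultdict

# Directories a properly chrooted SFTP user should never be able to reach.
SYSTEM_PREFIXES = ("/etc/", "/var/", "/root/")
SYSTEM_ROOTS = {"/etc", "/var", "/root"}
# Constructed allow-list of management hosts; any other source is "unexpected".
TRUSTED_SOURCES = {"10.0.5.10"}
# Number of consecutive failures that makes a following success suspicious.
FAILURE_THRESHOLD = 2

# Patterns assume OpenSSH-style sshd / internal-sftp log lines (an assumption).
FAILED_RE = re.compile(r"Failed \w+ for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (\S+) from (\S+)")
SESSION_RE = re.compile(
    r"sftp-server\[(\d+)\]: session opened for local user (\S+) from \[([^\]]+)\]")
ACCESS_RE = re.compile(
    r'sftp-server\[(\d+)\]: (open|opendir|remove|rename|mkdir|rmdir) "([^"]+)"')

# Constructed sample log: two failures, then a success and a session that reads
# system files from an untrusted address, followed by a benign session.
SAMPLE_LOG = """\
sshd[2101]: Failed password for netadmin from 198.51.100.7 port 50122 ssh2
sshd[2101]: Failed password for netadmin from 198.51.100.7 port 50122 ssh2
sshd[2101]: Accepted password for netadmin from 198.51.100.7 port 50122 ssh2
sftp-server[2102]: session opened for local user netadmin from [198.51.100.7]
sftp-server[2102]: open "/etc/shadow" flags READ mode 0666
sftp-server[2102]: open "/var/log/messages" flags READ mode 0666
sftp-server[2102]: session closed for local user netadmin from [198.51.100.7]
sshd[2201]: Accepted publickey for netadmin from 10.0.5.10 port 40001 ssh2
sftp-server[2202]: session opened for local user netadmin from [10.0.5.10]
sftp-server[2202]: open "/home/netadmin/backup.cfg" flags READ mode 0666
sftp-server[2202]: session closed for local user netadmin from [10.0.5.10]
"""


def is_system_path(path):
    """True if the path lies in (or is) a directory outside any sane SFTP chroot."""
    return path.startswith(SYSTEM_PREFIXES) or path in SYSTEM_ROOTS


def analyze(log_text):
    """Return a list of (indicator, detail) tuples, in log order."""
    findings = []
    failures = defaultdict(int)   # (user, ip) -> consecutive failed logins
    sessions = {}                 # sftp-server pid -> (user, ip)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[(m.group(1), m.group(2))] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            key = (m.group(1), m.group(2))
            if failures.get(key, 0) >= FAILURE_THRESHOLD:
                findings.append(("failed_then_success",
                                 f"{key[0]} from {key[1]} after {failures[key]} failures"))
            failures.pop(key, None)   # a success resets the counter
            continue
        m = SESSION_RE.search(line)
        if m:
            pid, user, ip = m.groups()
            sessions[pid] = (user, ip)
            if ip not in TRUSTED_SOURCES:
                findings.append(("unexpected_source", f"{user} from {ip}"))
            continue
        m = ACCESS_RE.search(line)
        if m:
            pid, op, path = m.groups()
            user, ip = sessions.get(pid, ("?", "?"))
            if is_system_path(path):
                findings.append(("system_path_access", f"{user}@{ip} {op} {path}"))
    return findings


def summarize(findings):
    """Count findings per indicator, e.g. for a dashboard or alert threshold."""
    counts = defaultdict(int)
    for indicator, _ in findings:
        counts[indicator] += 1
    return dict(counts)


if __name__ == "__main__":
    for indicator, detail in analyze(SAMPLE_LOG):
        print(f"{indicator:22s} {detail}")
    print(summarize(analyze(SAMPLE_LOG)))
```

The session map keyed on the sftp-server pid is what ties a file access back to the user and source address, since internal-sftp access lines carry neither; if the G42 logs differently, adjust the three regexes and keep the rest.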

🔗 References
