CVE-2025-61879

7.7 HIGH

📋 TL;DR

A high-privileged user in Infoblox NIOS can exploit the account creation mechanism to write arbitrary files to the system. This affects Infoblox NIOS versions through 9.0.7. The vulnerability could allow privilege escalation or system compromise.

💻 Affected Systems

Products:
  • Infoblox NIOS
Versions: through 9.0.7
Operating Systems: Infoblox appliance OS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires high-privileged user account access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through arbitrary file writes leading to privilege escalation, backdoor installation, or service disruption.

🟠 Likely Case

Privilege escalation by a malicious high-privileged user writing configuration files or scripts to gain persistent access.

🟢 If Mitigated

Limited impact if proper access controls and monitoring are in place to detect unusual account creation activities.

🌐 Internet-Facing: LOW - Requires high-privileged user access, not directly exploitable from internet.
🏢 Internal Only: HIGH - Internal high-privileged users could exploit this for lateral movement or persistence.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires high-privileged user credentials and knowledge of the account creation mechanism.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.0.8 or later

Vendor Advisory: https://support.infoblox.com/s/article/CVE-2025-61879-and-CVE-2025-61880

Restart Required: No

Instructions:

1. Log into Infoblox Grid Manager.
2. Navigate to Grid Properties > Upgrade/Downgrade.
3. Upload and apply patch version 9.0.8 or later.
4. Verify successful upgrade.

🔧 Temporary Workarounds

Restrict High-Privileged Account Access

Limit the number of high-privileged users and implement strict access controls.

Monitor Account Creation Activities

Enable detailed logging for all account creation and modification events.

🧯 If You Can't Patch

  • Implement strict least-privilege access controls for all user accounts.
  • Monitor and audit all account creation and file write activities in system logs.

🔍 How to Verify

Check if Vulnerable:

Check the NIOS version via Grid Manager or the CLI. If the version is 9.0.7 or earlier, the system is vulnerable.

Check Version:

show version

Verify Fix Applied:

Verify NIOS version is 9.0.8 or later after applying patch.

📡 Detection & Monitoring

Log Indicators:

  • Unusual account creation events by high-privileged users
  • Unexpected file write operations in system logs

Network Indicators:

  • Unusual authentication patterns from high-privileged accounts

SIEM Query:

source="infoblox" AND (event_type="account_creation" OR event_type="file_write") AND user_privilege="high"
