CVE-2025-65885 – This vulnerability allows local attackers to in... (How to Fix)

Q: What is the severity of CVE-2025-65885?

CVE-2025-65885 has a CVSS score of 5.1 (MEDIUM). This vulnerability allows local attackers to inject startup scripts via crafted .txt files in the Data directory on Nokia Symbian Belle devices running Delight Custom Firmware. Attackers can execute arbitrary code during system startup, potentially gaining persistent access. Only users of specific Nokia devices with Delight CFW installed are affected.

📋 TL;DR

This vulnerability allows local attackers to inject startup scripts via crafted .txt files in the Data directory on Nokia Symbian Belle devices running Delight Custom Firmware. Attackers can execute arbitrary code during system startup, potentially gaining persistent access. Only users of specific Nokia devices with Delight CFW installed are affected.

💻 Affected Systems

Products:

Delight Custom Firmware for Nokia Symbian Belle devices

Versions: Delight v1.0 through v6.7 (specific versions vary by device)

Operating Systems: Symbian Belle

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects devices with Delight CFW installed; stock Symbian Belle not affected. Specific device models: Nokia 808, N8, E7, C7, 700, 701, 603, 500, E6, Oro, Vertu Constellation T.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise with persistent backdoor installation, allowing attackers to steal sensitive data, monitor user activity, or use device as part of botnet.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to device functions and user data, potentially installing malware that persists across reboots.

🟢

If Mitigated

Limited impact if devices are not shared and users don't install untrusted files, though risk remains from malware or malicious apps.

🌐 Internet-Facing: LOW - Requires local file system access; not directly exploitable over network.

🏢 Internal Only: MEDIUM - Physical access or malware with file system permissions can exploit; shared devices in organizations at higher risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploit requires creating specific .txt files in Data directory; trivial for attackers with file system access. Proof-of-concept details available in public references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: None

Vendor Advisory: https://www.symwld.com/delight/

Restart Required: No

Instructions:

No official patch available. Consider removing Delight CFW and returning to stock firmware, or apply workarounds below.

🔧 Temporary Workarounds

Restrict Data directory permissions

all

Prevent unauthorized write access to the Data directory where .txt files are processed

chmod 700 /Data (or equivalent on Symbian)

Monitor for suspicious .txt files

all

Regularly check Data directory for unexpected .txt files and remove them

ls -la /Data/*.txt
rm /Data/suspicious.txt

🧯 If You Can't Patch

Discontinue use of Delight CFW and revert to stock Symbian Belle firmware
Implement strict physical security controls and avoid sharing devices

🔍 How to Verify

Check if Vulnerable:

Check if Delight CFW is installed and examine Data directory for unexpected .txt files with startup script content

Check Version:

Check device settings or firmware info for 'Delight' version

Verify Fix Applied:

Verify Data directory permissions are restricted and no unauthorized .txt files exist

📡 Detection & Monitoring

Log Indicators:

Unexpected file creation in Data directory
Suspicious startup script execution

Network Indicators:

None - local exploit only

SIEM Query:

File creation events in Data directory with .txt extension on Symbian devices

📊 Metadata

CVE ID: CVE-2025-65885

CVSS v3 Score: 5.1 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE: CWE-77

EPSS Score: 0.03% exploit probability (6.7th percentile)

Published: December 26, 2025

Last Updated: January 9, 2026

🔗 References

https://gist.github.com/symbuzzer/3315e88adc2bba0b6cc66d192b49546d Third Party Advisory
https://www.symwld.com/delight/ Product

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-65885, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Delight Custom Firmware by Symwld

Delight Custom Firmware by Symwld

Delight Custom Firmware by Symwld

Delight Custom Firmware by Symwld

Delight Custom Firmware by Symwld

Delight Custom Firmware by Symwld

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict Data directory permissions

Monitor for suspicious .txt files

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities