File Inclusion Vulnerability in Nokia Web Applications
CVE-2025-24937

Currently unrated

Key Information:

Vendor: Nokia
Status: Wavesuite Noc
Vendor: CVE Published:; 21 July 2025

What is CVE-2025-24937?

An attacker can exploit this vulnerability to access sensitive content from the local file system due to improper file handling in the affected web applications. This enables unauthorized users to insert malicious code into files handled by the web server, potentially compromising not just the application, but also the underlying container environment. The open nature of the network stack further expands the attack surface to a broad range of potential attackers across the internet.

Affected Version(s)

WaveSuite NOC WS-NOC 24.6, WS-NOC 23.6 and WS-NOC 23.12

WaveSuite NOC WS-NOC 24.6 FP3

References

https://www.nokia.com/about-us/security-and-privacy/produ...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2025
Vulnerability Reserved
Jan 29, 2025