Improper Input Validation in Infinera MTC-9 Affects Service Stability
CVE-2025-26488

7.5HIGH

Key Information:

Vendor: Infinera
Status: Mtc-9
Vendor: CVE Published:; 8 December 2025

What is CVE-2025-26488?

The Infinera MTC-9 product suffers from an improper input validation flaw that enables remote unauthenticated attackers to exploit crafted XML payloads. This vulnerability can lead to a denial of service (DoS) condition by crashing the service and triggering a reboot of the appliance. Such instability can significantly affect the operational efficiency and reliability of the impacted systems. It is crucial for users operating MTC-9 versions below R23.0 to implement appropriate mitigations to safeguard their services.

Affected Version(s)

MTC-9 R22.1.1.0275

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2025-26488

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 8, 2025
Vulnerability Reserved
Feb 11, 2025

JSON