Insufficient Input Validation in Infinera G42 CLI Web Interface
CVE-2025-27023

6.5 MEDIUM

Key Information:

Vendor: Infinera

Status
Vendor
CVE Published: 2 July 2025

What is CVE-2025-27023?

The management interface of the Infinera G42 performs insufficient input validation, which allows remote authenticated users to exploit it with crafted CLI commands. By leveraging this vulnerability, such users can access sensitive information, including all OS files, through improperly specified commands. The exposure arises because the appliance's HTTP service runs under a privileged user context, which makes unauthorized file viewing possible. Users of this appliance should evaluate their systems and ensure that proper input validation measures are in place to mitigate potential risks.

Affected Version(s)

G42 6.1.3 < 7.1

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Agenzia per la Cybersicurezza Nazionale