Unrestricted File System Access in Infinera G42 SFTP Service
CVE-2025-27024

6.5 MEDIUM

Key Information:

Vendor: Infinera

Status
Vendor
CVE Published: 2 July 2025

What is CVE-2025-27024?

The SFTP service of the Infinera G42, specifically version R6.1.3, contains a vulnerability that lets remote authenticated users bypass restrictions and gain unauthorized read/write access to the OS file system. Users with the Network Administrator profile can log in via SFTP using the same credentials as their SSH CLI access. Once logged in, they can navigate outside their designated chrooted directory and interact with system-level files, limited only by the OS’s existing permission settings. This flaw exposes sensitive data and potentially allows further exploitation of the system.

Affected Version(s)

G42 6.1.3 < 8.0

CVSS V3.1

  • Score: 6.5
  • Severity: MEDIUM
  • Confidentiality: High
  • Integrity: None
  • Availability: High
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Agenzia per la Cybersicurezza Nazionale