Privilege Escalation Vulnerability in Ericsson Network Manager
CVE-2025-27258

6.9MEDIUM

Key Information:

Vendor: Ericsson
Status: Ericsson Network Manager(enm)
Vendor: CVE Published:; 13 October 2025

What is CVE-2025-27258?

Ericsson Network Manager prior to version 25.1 GA is susceptible to a vulnerability that allows attackers to escalate their privileges within the system. This exploitation can lead to unauthorized access to sensitive functionalities, potentially compromising network security. It is crucial for users to update to the latest version to mitigate this risk and ensure robust security measures.

Affected Version(s)

Ericsson Network Manager(ENM) 0 < 25.1

References

https://www.ericsson.com/en/about-us/security/psirt/secur...

CVSS V4

Score:

6.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Ericsson would like to thank the following personnel from TIM Security Red Team Research for reporting these issues to us: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli

JSON