Data Exfiltration and Redirection Vulnerability in Ericsson Network Manager
CVE-2025-27259

2.4LOW

Key Information:

Vendor: Ericsson
Status: Ericsson Network Manager(enm)
Vendor: CVE Published:; 13 October 2025

What is CVE-2025-27259?

Ericsson Network Manager versions prior to ENM 25.2 GA are susceptible to a vulnerability that could allow attackers to exfiltrate limited data or redirect users to malicious sites or domains. This security issue emphasizes the need for organizations to update their software to mitigate potential risks and safeguard their network infrastructure.

Affected Version(s)

Ericsson Network Manager(ENM) 0

References

https://www.ericsson.com/en/about-us/security/psirt/secur...

CVSS V4

Score:

2.4

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Ericsson would like to thank the following personnel from TIM Security Red Team Research for reporting these issues to us: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli

JSON