Local Script Injection Vulnerability in Delight Custom Firmware for Nokia Devices
CVE-2025-65885

5.1MEDIUM

Key Information:

Vendor: Delight
Status: Custom Firmware (CFW)
Vendor: CVE Published:; 26 December 2025

What is CVE-2025-65885?

A vulnerability in the Delight Custom Firmware for various Nokia Symbian Belle devices allows local attackers to execute arbitrary startup scripts by injecting crafted .txt files into the :\Data directory. This flaw impacts multiple versions across several device models, making it crucial for users to be aware of the potential risks and implement necessary security measures.

References

https://www.symwld.com/delight/

https://gist.github.com/symbuzzer/3315e88adc2bba0b6cc66d1...

CVSS V3.1

Score:

5.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 26, 2025
Vulnerability Reserved
Nov 18, 2025

JSON