CVE-2025-27022

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-27022
A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all files on the target machine file system that are readable to the user account used to run the httpd service.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27022
https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27022
Configurations

No configuration.

History

03 Jul 2025, 15:13

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de path traversal del endpoint HTTP WebGUI en Infinera G42 versiĆ³n R6.1.3 permite a usuarios remotos autenticados descargar todos los archivos del sistema operativo mediante solicitudes HTTP. Detalles: La falta o la validaciĆ³n insuficiente de la entrada del usuario permite a los usuarios autenticados acceder a todos los archivos del sistema de archivos del equipo de destino que son legibles para la cuenta de usuario utilizada para ejecutar el servicio httpd.

02 Jul 2025, 10:15

Type Values Removed Values Added
CWE CWE-22
Summary (en) Path traversal in WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all files on the target machine file system that are readable to the user account used to run the httpd service. (en) A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack or insufficient validation of user-supplied input allows authenticated users to access all files on the target machine file system that are readable to the user account used to run the httpd service.

02 Jul 2025, 09:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-02 09:15

Updated : 2025-07-03 15:13

NVD link : CVE-2025-27022

Mitre link : CVE-2025-27022

CVE.ORG link : CVE-2025-27022

JSON object : View

Products Affected

No product.

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')