CVE-2025-27021
Title: Nokia G42 Auth Bypass
Proof Of Concept
No public PoC currently indexed for CVE-2025-27021.
Vulnerability Summary
CVE-2025-27021: The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by tampering with kernel memory. Details: The output of "sudo -l" reports the presence of "devmem" command executable as super user without using a password. This command allows to read and write an arbitrary memory area of the target device, specifying an absolute address.
Impacted Vendors
Reference Links
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
CVE-2025-27021 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
Vulnerability data updated via NVD.
Vulnerability data updated via NVD.
Vulnerability data or affected products updated.
Vulnerability first announced in NVD.
Attack Vector Matrix
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Stack
No specific products linked.