CVE-2025-9974

HIGH EPSS 31.9%

Published Feb 2, 20264mo ago · Modified Jun 17, 20261w ago

8.0 CVSS 3.1

High

Published Feb 2, 2026 4mo ago

Last Modified Jun 17, 2026 1w ago

Description

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitrary commands on the underlying ONT/Beacon operating system, potentially impacting the confidentiality, integrity, and availability of the device.

CVSS Details

Base Score

8.0

Exploitability

2.1

Impact

5.9

Vector string

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector Adjacent

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

31.9% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-78 OS Command Injection Injection

References 1

nokia.com https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-9974/

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.