Severity by source
AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
PR:L chosen because 'authenticated user' implies standard login, not pre-existing admin; C:H reflects superuser granting full read access to all system data.
Primary rating from Vendor (Nokia).
CVSS VectorVendor: Nokia
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Lifecycle Timeline
5DescriptionCVE.org
Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege.
AnalysisAI
Local privilege escalation in Nokia SR Linux (multiple release branches prior to 23.10.8, 24.10.6, and 25.7.2) allows an authenticated local user to execute arbitrary commands with superuser (root) privilege. Rooted in CWE-269 (Improper Privilege Management), this flaw enables a user who has already obtained a local session on the network OS to break out of their assigned privilege boundary and gain full control of the system. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog; however, Nokia has confirmed a patch and self-reported the issue.
Technical ContextAI
Nokia SR Linux is a modern, container-based network operating system designed for data-center routing and switching hardware. The affected CPE (cpe:2.3:a:nokia:nokia_sr_linux:*:*:*:*:*:*:*:*) spans the entire product line across three concurrent release branches. CWE-269 (Improper Privilege Management) indicates the root cause: the OS fails to correctly enforce privilege separation between an authenticated lower-privileged user context and superuser capabilities - typically manifesting as misconfigured SUID binaries, overly permissive sudo rules, insecure capability assignments, or privilege-dropping failures in a service or CLI subsystem. Because SR Linux uses a microservices and Linux container model underneath, a superuser breakout may also affect container boundaries and underlying host-level processes, amplifying the blast radius beyond what the S:U (Scope Unchanged) CVSS assignment might suggest.
RemediationAI
Nokia has released patches across all three affected branches; operators should upgrade to Nokia SR Linux 23.10.8 or later (LTS branch), 24.10.6 or later (maintenance branch), or 25.7.2 or later (current branch), per the Nokia security advisory at https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-9912/. Until patching is complete, compensating controls should focus on minimizing local account exposure: restrict interactive SSH and console access to SR Linux nodes to the smallest set of named operators using ACL-based source-IP filtering, enforce multi-factor authentication for all management-plane logins where supported, audit and remove unused local user accounts, and monitor for anomalous superuser session activity via syslog or SIEM alerting on privilege-elevation events. Note that restricting local account access limits operational flexibility during maintenance windows and should be balanced against change-management procedures.
Same weakness CWE-269 – Improper Privilege Management
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210165
GHSA-qpm5-pwpp-hh9x