Skip to main content

Nokia SR Linux EUVDEUVD-2025-210164

| CVE-2025-10262 MEDIUM
Use of Externally-Controlled Format String (CWE-134)
2026-06-16 Nokia GHSA-h3gf-qq8m-r4r7
6.3
CVSS 3.1 · Vendor: Nokia
Share

Severity by source

Vendor (Nokia) PRIMARY
6.3 MEDIUM
AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
vuln.today AI
6.7 MEDIUM

Superuser execution grants full node control, warranting C:H over the vendor's C:L; all other vendor metrics are well-supported by the description.

3.1 AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (Nokia).

CVSS VectorVendor: Nokia

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
Jun 16, 2026 - 13:27 vuln.today
CVSS changed
Jun 16, 2026 - 13:22 NVD
6.3 (MEDIUM)
Patch available
Jun 16, 2026 - 07:01 EUVD
CVE Published
Jun 16, 2026 - 05:40 cve.org
UNKNOWN (no severity yet)
CVE Published
Jun 16, 2026 - 05:40 cve.org
MEDIUM 6.3

DescriptionCVE.org

Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges.

AnalysisAI

Local privilege escalation in Nokia SR Linux affects multiple release trains and allows an already-authenticated user holding elevated local privileges to execute arbitrary commands as superuser by exploiting unsanitized format string handling (CWE-134). The attack vector is local and requires high prior privileges (CVSS AV:L/PR:H), significantly limiting the exposure surface compared to a network-exploitable flaw. No public exploit code and no CISA KEV listing have been identified at time of analysis; Nokia has released patches across all affected branch lines.

Technical ContextAI

CWE-134 (Use of Externally-Controlled Format String) occurs when user-supplied input is passed to a format function (e.g., printf-family) without sanitization, allowing injection of format specifiers such as %n, %x, or %s to read/write arbitrary memory or redirect execution. In Nokia SR Linux - a Linux-based network operating system for IP/MPLS routing and data center fabric scenarios (CPE cpe:2.3:a:nokia:sr_linux:*) - the flaw resides in the input validation layer, meaning a crafted input submitted through an authenticated management interface or CLI session triggers the format string mishandling. The scope change is not present (S:U), indicating the exploit remains within the SR Linux process boundary, but successful exploitation yields superuser-level command execution, which effectively compromises the entire node.

RemediationAI

Upgrade to a fixed SR Linux release: 23.10.8 or later for the 23.10.x train, 24.10.6 or later for the 24.10.x train, or 25.7.2 or later for the 25.7.x train, as documented in the Nokia security advisory at https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-10262/. Because exploitation requires a locally authenticated user with high privileges, operators who cannot immediately patch should audit and restrict the set of accounts holding elevated SR Linux CLI roles, enforce multi-factor authentication or privileged access workstation (PAW) controls for management access, and review SR Linux role-based access control (RBAC) policies to enforce least-privilege on all operator accounts. These compensating controls reduce the attacker's opportunity but do not eliminate the underlying format string flaw, so patching remains the definitive remediation.

Share

EUVD-2025-210164 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy