CVE-2025-0980

Summary

Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.

Affected Software

VendorProductVersion RangeStatus
NokiaSR Linux<23.10.6affected
NokiaSR Linux<24.10.2affected
NokiaSR Linux23.10.6 and onwardsunaffected
NokiaSR Linux24.10.2 and onwardsunaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References