CVE-2025-24937

EPSS 0.06%
Veröffentlicht 21.07.2025 06:31:24
Zuletzt bearbeitet 11.08.2025 14:52:45
Quelle b48c3b8f-639e-4c16-8725-497bc4
CVE-Watchlists
Login
Unerledigt
Login

File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on.

The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. The web application allows arbitrary files to be included in a file that was downloadable and executable by the web server.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nokia ≫ Wavesuite Noc Version23.6

Nokia ≫ Wavesuite Noc Version23.12

Nokia ≫ Wavesuite Noc Version24.6 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.132

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	9	2.3	6	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.

https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24937/

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-24937

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-24937

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-24937

EUVD