CVE-2025-26489

EPSS 0.13%
Veröffentlicht 08.12.2025 08:56:12
Zuletzt bearbeitet 22.12.2025 18:55:55
Quelle a6d3dc9e-0591-4a13-bce7-0f5b31
CVE-Watchlists
Login
Unerledigt
Login

Improper input validation in the Netconf service in Infinera MTC-9 allows remote authenticated users to crash the service and 
reboot the appliance, thus causing a DoS condition, via crafted XML 
payloads.This issue affects MTC-9: from R22.1.1.0275 before R23.0.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nokia ≫ Infinera Mtc-9 Firmware Version >= 22.1.1.0275 < 23.0

Nokia ≫ Infinera Mtc-9 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.333

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
a6d3dc9e-0591-4a13-bce7-0f5b31ff6158	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.cve.org/CVERecord?id=CVE-2025-26489

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-26489

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-26489

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-26489

EUVD