VYPR
Unrated severityNVD Advisory· Published Jul 2, 2025· Updated Jul 2, 2025

Improper File Access in Infinera G42

CVE-2025-27024

Description

Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections.

Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Infinera/G42llm-fuzzy2 versions
    = R6.1.3+ 1 more
    • (no CPE)range: = R6.1.3
    • (no CPE)range: 6.1.3

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.