VYPR

DNA

by Infinera

CVEs (3)

  • CVE-2025-0416HigApr 1, 2025
    risk 0.58cvss epss 0.00

    Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege…

  • CVE-2025-0418MedApr 1, 2025
    risk 0.34cvss epss 0.00

    Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.

  • CVE-2025-10258Feb 5, 2026
    risk 0.00cvss epss 0.00

    Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information.