CVE-2025-27258 | THREATINT

Description

Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.

PUBLISHED Reserved 2025-02-21 | Published 2025-10-13 | Updated 2025-10-14 | Assigner ERIC

MEDIUM: 6.9CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-284: Improper Access Control

Product status

Default status

unaffected

Any version before 25.1

affected

Credits

Ericsson would like to thank the following personnel from TIM Security Red Team Research for reporting these issues to us: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli reporter

References

www.ericsson.com/...psirt/security-bulletin-enm-october-2025

cve.org (CVE-2025-27258)

nvd.nist.gov (CVE-2025-27258)

Download JSON