
Description

Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.

PUBLISHED Reserved 2025-02-21 | Published 2025-10-13 | Updated 2025-10-14 | Assigner ERIC




LOW: 2.4 | CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Product status

Default status
unaffected

All versions prior to 25.2
affected

Credits

Ericsson would like to thank the following personnel from TIM Security Red Team Research for reporting these issues to us: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli (reporter)

References

www.ericsson.com/...psirt/security-bulletin-enm-october-2025

cve.org (CVE-2025-27259)

nvd.nist.gov (CVE-2025-27259)
