CVE-2025-9974 | THREATINT

Description

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitrary commands on the underlying ONT/Beacon operating system, potentially impacting the confidentiality, integrity, and availability of the device.

PUBLISHED Reserved 2025-09-04 | Published 2026-02-02 | Updated 2026-02-03 | Assigner Nokia

Product status

Default status

affected

Releases prior to BBDR2503

affected

BBDR2503 and later releases

unaffected

References

www.nokia.com/...ty/product-security-advisory/cve-2025-9974/ (Nokia Security Advisory)

cve.org (CVE-2025-9974)

nvd.nist.gov (CVE-2025-9974)

Download JSON