CVE-2025-27022

A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 
allows remote authenticated users to download all OS files via HTTP 
requests.


Details: 

Lack or insufficient validation of user-supplied input allows 
authenticated users to access all files on the target machine file 
system that are readable to the user account used to run the httpd 
service.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
ENISACNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 17%
Common Weakness Enumeration
References
https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27022
https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27022