CVE-2025-0980 is a critical authentication bypass vulnerability identified in Nokia SR Linux, a network operating system widely used in telecom and enterprise environments. The flaw resides in the JSON-RPC service, which is designed to allow remote procedure calls over JSON for device management and automation. Due to improper validation logic, the service permits access without requiring valid authentication credentials, effectively allowing an attacker to interact with the device management interface unauthenticated. This can lead to unauthorized configuration changes, information disclosure, or disruption of network operations. The affected versions are all releases prior to 23.10.6 and 24.10.2, indicating that Nokia has addressed the issue in these or later versions. No public exploit code or active exploitation has been reported yet, but the vulnerability's nature makes it highly exploitable if discovered by malicious actors. The lack of a CVSS score suggests the need for a severity assessment based on impact and exploitability factors. Given that the vulnerability compromises authentication controls and exposes critical management interfaces, the risk to network integrity and availability is significant. The vulnerability is particularly concerning for organizations relying on Nokia SR Linux for core network infrastructure, as unauthorized access could facilitate lateral movement, persistent access, or denial of service.

For European organizations, the impact of CVE-2025-0980 could be severe. Unauthorized access to network device management interfaces can lead to manipulation of routing, firewall rules, or other critical configurations, potentially causing network outages or data interception. Telecom operators, internet service providers, and large enterprises using Nokia SR Linux are at heightened risk, as their infrastructure is critical for communications and business continuity. Compromise could also enable attackers to pivot to other internal systems, increasing the scope of damage. Confidentiality is at risk due to potential exposure of sensitive configuration data; integrity is threatened by unauthorized changes; and availability could be impacted by disruptive actions. The absence of known exploits currently provides a window for proactive mitigation, but the vulnerability’s ease of exploitation and critical role of affected systems elevate the threat level. Regulatory compliance in Europe, including GDPR and NIS Directive requirements, may also be impacted if this vulnerability leads to data breaches or service disruptions.

Organizations should immediately inventory their network devices to identify Nokia SR Linux instances running affected versions. They must prioritize upgrading to versions 23.10.6, 24.10.2, or later where the vulnerability is patched. Until patches are applied, access to the JSON-RPC service should be strictly limited via network segmentation, firewall rules, or VPNs to trusted administrators only. Implementing strong network access controls and monitoring for unusual JSON-RPC activity can help detect exploitation attempts. Additionally, organizations should review and harden authentication mechanisms and consider disabling unused management interfaces. Regular auditing of device configurations and logs will aid in early detection of unauthorized access. Coordination with Nokia support for guidance and updates is recommended. Finally, integrating this vulnerability into incident response plans will prepare teams for rapid action if exploitation is detected.