CVE-2025-24937: Vulnerability in Nokia WaveSuite NOC

Severity: Critical
Published: Mon Jul 21 2025 (07/21/2025, 06:31:24 UTC)
Source: CVE Database V5
Vendor/Project: Nokia
Product: WaveSuite NOC

Description

File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. The web application allows arbitrary files to be included in a file that was downloadable and executable by the web server.

AI-Powered Analysis

Last updated: 07/21/2025, 20:32:46 UTC

Technical Analysis

CVE-2025-24937 is a critical vulnerability identified in Nokia's WaveSuite NOC product versions 23.6, 23.12, and 24.6. The vulnerability allows an attacker to read arbitrary files from the local file system of the server hosting the WaveSuite NOC web application. More severely, it permits the insertion of malicious code into a file that is downloadable and executable by the web server. This leads to a full compromise of the web application and the container environment in which it operates. The vulnerability stems from the web application allowing arbitrary files to be included in that downloadable, executable file without proper validation or sanitization. Since the vulnerable component is bound to the network stack and accessible over the Internet, the attack surface extends to any remote attacker with network access, potentially including the entire Internet. Exploitation does not require authentication or user interaction, increasing the risk. No CVSS score has been assigned, which is consistent with a newly published vulnerability (as of July 2025); there are no known exploits in the wild yet, but the technical details suggest a high risk of exploitation and impact. The vulnerability could lead to unauthorized disclosure of sensitive information, unauthorized code execution, and complete takeover of the affected containerized environment, severely impacting the confidentiality, integrity, and availability of the system.

Potential Impact

For European organizations using Nokia WaveSuite NOC, particularly those in telecommunications, network operations centers, and critical infrastructure management, this vulnerability poses a significant threat. Unauthorized file access could expose sensitive configuration files, credentials, or operational data, leading to information leakage. The ability to inject and execute malicious code could allow attackers to pivot within the network, disrupt network management operations, or cause denial of service by compromising the container environment. Given that WaveSuite NOC is used for network operations, a successful attack could impact network stability and availability, affecting service delivery to customers and possibly violating regulatory requirements such as GDPR due to data breaches. The broad network exposure increases the likelihood of remote exploitation, making it a high-risk threat for organizations relying on this product in Europe.

Mitigation Recommendations

Organizations should immediately verify if they are running affected versions of Nokia WaveSuite NOC (23.6, 23.12, or 24.6). Since no patch links are currently available, it is critical to engage with Nokia support for any available updates or workarounds. In the interim, restrict network access to the WaveSuite NOC management interfaces by implementing strict firewall rules and network segmentation to limit exposure to trusted IP addresses only. Employ web application firewalls (WAF) with custom rules to detect and block attempts to exploit file inclusion vulnerabilities. Conduct thorough logging and monitoring for unusual file access patterns or code execution attempts on the WaveSuite NOC servers. Additionally, consider running the application containers with least privilege and enabling container security features such as read-only file systems and process isolation to limit the impact of potential exploitation. Regularly audit and review access controls and credentials associated with the WaveSuite NOC environment. Finally, prepare incident response plans to quickly contain and remediate any compromise.
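
For the logging and monitoring recommendation above, the following added example (not part of the advisory and not Nokia code) triages web access logs for file-inclusion indicators, decoding percent-encoding repeatedly so double-encoded requests are not missed. The advisory does not disclose the vulnerable endpoint, so the request paths, parameter names and log lines are constructed placeholders.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format). Paths and
# parameter names are placeholders, not real WaveSuite NOC endpoints.
SAMPLE_LOG = [
    '198.51.100.7 - - [21/Jul/2025:20:40:01 +0000] "GET /app/export?name=report1 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [21/Jul/2025:20:41:13 +0000] "GET /app/export?name=../../../../etc/passwd HTTP/1.1" 200 1843',
    '203.0.113.9 - - [21/Jul/2025:20:41:20 +0000] "GET /app/export?name=%252e%252e%252f%252e%252e%252fetc%252fshadow HTTP/1.1" 403 0',
    '192.0.2.44 - - [21/Jul/2025:20:45:02 +0000] "POST /app/export?src=file:///proc/self/environ HTTP/1.1" 200 977',
]

REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

# Indicators of a request trying to pull a local file into the response.
INDICATORS = {
    "traversal": re.compile(r'\.\.[/\\]'),
    "sensitive_path": re.compile(r'/(etc|proc)/', re.I),
    "file_scheme": re.compile(r'file://', re.I),
}

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads become visible."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def flag_inclusion_attempts(lines):
    """Return one finding per request whose decoded target hits an indicator."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, count these in production
        client, target, status = m.groups()
        decoded = fully_decode(target)
        reasons = sorted(n for n, rx in INDICATORS.items() if rx.search(decoded))
        if reasons:
            findings.append({"client": client, "target": decoded,
                             "reasons": reasons, "served": status == "200"})
    return findings

if __name__ == "__main__":
    for finding in flag_inclusion_attempts(SAMPLE_LOG):
        print(finding)
```

Findings with `served` set to true are the ones to investigate first, since the server answered the request with a 200 rather than rejecting it.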

Technical Details

Data Version: 5.1
Assigner Short Name: Nokia
Date Reserved: 2025-01-29T07:19:18.312Z
CVSS Version: null
State: PUBLISHED

Threat ID: 687ea3e3a83201eaac13fa94

Added to database: 7/21/2025, 8:32:35 PM

Last enriched: 7/21/2025, 8:32:46 PM

Last updated: 7/22/2025, 5:41:46 AM
