CVE-2025-24937 is a critical vulnerability affecting Nokia WaveSuite NOC versions 24.6, 23.6, and 23.12. The flaw allows an attacker to read arbitrary files from the local file system and insert malicious code into files that are subsequently downloaded and executed by the web server hosting the application. This vulnerability arises from improper handling of file inclusion within the web application, classified under CWE-98 (Improper Control of Filename for Include/Require Statement in PHP Program). The vulnerable component is network-facing, bound to the network stack, which means that attackers can exploit this flaw remotely over the network, potentially from anywhere on the Internet. The vulnerability enables a full compromise of the web application and the container environment it runs in, leading to complete loss of confidentiality, integrity, and availability of the affected system. The CVSS v3.1 base score is 9.0 (critical), reflecting the high impact and relatively low attack complexity, requiring only low privileges and no user interaction. The vulnerability scope is changed (S:C), indicating that exploitation affects resources beyond the vulnerable component itself. No known exploits are currently reported in the wild, but the severity and ease of exploitation make it a significant threat to organizations using Nokia WaveSuite NOC for network operations center (NOC) management and monitoring.

For European organizations, the impact of this vulnerability is substantial. Nokia WaveSuite NOC is used for network management and operational control, often in critical infrastructure sectors such as telecommunications, utilities, and large enterprises. Exploitation could lead to unauthorized disclosure of sensitive configuration files, credentials, and operational data, enabling attackers to pivot within the network. The ability to execute arbitrary code on the web server and container can result in full system compromise, disruption of network monitoring services, and potential sabotage of network operations. This could cause significant operational downtime, data breaches, and regulatory non-compliance, especially under GDPR and other data protection laws. The critical nature of the vulnerability means that attackers could leverage it to disrupt essential services, impacting business continuity and trust. Given the network-facing nature and the possibility of remote exploitation, organizations with exposed WaveSuite NOC instances are at high risk.

Organizations should immediately identify and inventory all instances of Nokia WaveSuite NOC, specifically versions 24.6, 23.6, and 23.12. Until a vendor patch is available, it is crucial to restrict network access to the WaveSuite NOC web interface by implementing strict firewall rules, allowing access only from trusted management networks and IP addresses. Employ network segmentation to isolate the NOC environment from general enterprise networks and the Internet. Monitor logs for unusual file access patterns or unexpected file modifications within the WaveSuite environment. Implement application-layer protections such as Web Application Firewalls (WAFs) configured to detect and block file inclusion attempts. Enforce the principle of least privilege for user accounts interacting with the NOC system to limit the potential for exploitation. Once Nokia releases a security patch, prioritize prompt testing and deployment. Additionally, conduct regular security assessments and penetration tests focusing on the NOC infrastructure to detect similar vulnerabilities proactively.