CVE-2025-27022: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Infinera G42
A path traversal vulnerability of the WebGUI HTTP endpoint in Infinera G42 version R6.1.3 allows remote authenticated users to download all OS files via HTTP requests. Details: Lack of or insufficient validation of user-supplied input allows authenticated users to access all files on the target machine file system that are readable to the user account used to run the httpd service.
AI Analysis
Technical Summary
CVE-2025-27022 is a high-severity vulnerability affecting the Infinera G42 optical transport platform, specifically version R6.1.3. The vulnerability arises from a path traversal flaw in the WebGUI HTTP endpoint, which is part of the device's management interface. This flaw allows remote authenticated users to manipulate HTTP requests to traverse the file system and download any files accessible to the HTTP daemon's user account. Essentially, the WebGUI does not sufficiently validate user-supplied input, enabling attackers with valid credentials to access sensitive operating system files beyond intended boundaries. The vulnerability does not require user interaction beyond authentication, and the attack vector is network-based, allowing exploitation remotely over HTTP. The CVSS 3.1 base score is 7.5, reflecting high severity due to the ease of exploitation (network access, low attack complexity, no privileges required beyond authentication, and no user interaction needed) and the significant confidentiality impact (full read access to OS files). However, integrity and availability are not directly affected. There are no known exploits in the wild as of the published date, and no patches have been linked yet. This vulnerability is particularly critical because Infinera G42 devices are used in telecommunications and network infrastructure environments, where exposure of configuration files, credentials, or system binaries could lead to further compromise or disruption of critical network services.
Potential Impact
For European organizations, especially telecommunications providers and network operators using Infinera G42 devices, this vulnerability poses a significant risk to confidentiality of sensitive network infrastructure data. Attackers gaining access to OS files could extract credentials, configuration files, or proprietary software components, potentially enabling lateral movement, espionage, or preparation for further attacks. Given the critical role of optical transport platforms in backbone networks, exploitation could undermine network integrity indirectly by facilitating subsequent attacks or causing operational disruptions. The exposure of sensitive data could also lead to regulatory and compliance issues under GDPR and other European data protection laws. Moreover, the high connectivity of these devices to core network segments increases the risk of widespread impact if exploited. Although integrity and availability are not directly compromised by this vulnerability, the confidentiality breach alone is sufficient to cause severe operational and reputational damage to European network operators and their customers.
Mitigation Recommendations
1. Immediate mitigation should focus on restricting access to the WebGUI interface to trusted management networks only, using network segmentation and firewall rules to prevent unauthorized access.
2. Enforce strong authentication mechanisms and monitor authentication logs for suspicious activity to detect potential exploitation attempts.
3. Implement strict input validation and sanitization at the application layer if possible, or apply any vendor-provided patches as soon as they become available.
4. Conduct regular audits of system files and configurations to detect unauthorized access or exfiltration.
5. Employ intrusion detection and prevention systems (IDS/IPS) tuned to detect anomalous HTTP requests indicative of path traversal attacks.
6. Limit the privileges of the HTTP daemon user to the minimum necessary to reduce the scope of accessible files.
7. Coordinate with Infinera for timely updates and security advisories, and plan for rapid deployment of patches once released.
8. Consider deploying compensating controls such as multi-factor authentication (MFA) for WebGUI access to reduce risk from compromised credentials.
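The following is an added illustration of recommendations 3 and 5 above; it is example code written for this page, not code from Infinera or from the G42 WebGUI. It contrasts the CWE-22 pattern (joining a user-supplied file name onto a directory with no containment check) with a hardened resolver that canonicalizes the path and rejects anything that escapes the intended directory, and it adds a small detector that flags traversal sequences in web-server access logs. The export directory, the `/webgui/download` endpoint and the log lines are all constructed placeholders.

```python
import os
import re
from pathlib import Path
from urllib.parse import unquote

# Hypothetical directory the download endpoint is meant to serve from.
# This is a placeholder for the example, not a path from the G42 firmware.
EXPORT_ROOT = "/srv/webgui-exports"


def naive_join(root: str, user_supplied: str) -> str:
    """The CWE-22 pattern: join the user value onto the root with no containment
    check. normpath() shows where such a request actually lands on disk."""
    return os.path.normpath(os.path.join(root, user_supplied))


def resolve_download_path(root: str, user_supplied: str):
    """Hardened form: return an absolute Path inside `root`, or None when the
    request would escape it (dot-dot traversal, absolute path, NUL byte,
    double encoding, or a symlink inside root that points outside it)."""
    root_path = Path(root).resolve()
    decoded = unquote(user_supplied)            # decode exactly once
    if "\x00" in decoded or "%" in decoded:      # NUL truncation, double encoding
        return None
    if decoded.startswith(("/", "\\")) or ":" in decoded or "\\" in decoded:
        return None                              # absolute, drive or backslash paths
    candidate = (root_path / decoded).resolve()  # collapses '..' and follows symlinks
    try:
        candidate.relative_to(root_path)         # raises ValueError when outside root
    except ValueError:
        return None
    if candidate == root_path:
        return None                              # the directory itself is not a file
    return candidate


# Constructed access-log sample in Apache combined format (not real G42 logs).
LOG_SAMPLE = """\
10.0.0.5 - admin [02/Jul/2025:09:10:11 +0000] "GET /webgui/download?file=report.txt HTTP/1.1" 200 5120
10.0.0.5 - admin [02/Jul/2025:09:10:15 +0000] "GET /webgui/download?file=../../etc/passwd HTTP/1.1" 200 1843
10.0.0.9 - admin [02/Jul/2025:09:11:02 +0000] "GET /webgui/download?file=..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 0
"""

# Plain and URL-encoded traversal sequences (matched case-insensitively).
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\|\.\.%2f|\.\.%5c|%2e%2e|%252e|%c0%ae)", re.IGNORECASE)
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def flag_traversal_requests(log_text: str):
    """Return (ip, user, request target, status) for every access-log line whose
    request target contains a traversal sequence, encoded or not. A 200 status
    on a flagged line means the server served the file and should be triaged first."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        if TRAVERSAL_RE.search(target) or TRAVERSAL_RE.search(unquote(target)):
            hits.append((m.group("ip"), m.group("user"), target, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    print("naive :", naive_join(EXPORT_ROOT, "../../etc/passwd"))
    print("hardened:", resolve_download_path(EXPORT_ROOT, "../../etc/passwd"))
    print("allowed :", resolve_download_path(EXPORT_ROOT, "logs/report.txt"))
    for hit in flag_traversal_requests(LOG_SAMPLE):
        print("flagged :", hit)
```

The containment check relies on `resolve()` rather than string matching, so a symlink placed under the export directory that points elsewhere is also rejected; the single `unquote()` followed by a rejection of any remaining `%` closes the double-encoding bypass. For the detector, pair the regex with the response status: flagged requests that returned 200 indicate the device served the file and are the lines an incident responder should examine first.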
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Belgium, Poland, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ENISA
- Date Reserved: 2025-02-18T06:59:55.889Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6864f74a6f40f0eb729229ed
Added to database: 7/2/2025, 9:09:30 AM
Last enriched: 7/2/2025, 9:24:31 AM
Last updated: 7/4/2025, 12:09:10 AM