CVE-2025-27022 is a high-severity vulnerability affecting the Infinera G42 optical transport platform, specifically version R6.1.3. The vulnerability arises from a path traversal flaw in the WebGUI HTTP endpoint, which is part of the device's management interface. This flaw allows remote authenticated users to manipulate HTTP requests to traverse the file system and download any files accessible to the HTTP daemon's user account. Essentially, the WebGUI does not sufficiently validate user-supplied input, enabling attackers with valid credentials to access sensitive operating system files beyond intended boundaries. The vulnerability does not require user interaction beyond authentication, and the attack vector is network-based, allowing exploitation remotely over HTTP. The CVSS 3.1 base score is 7.5, reflecting high severity due to the ease of exploitation (network access, low attack complexity, no privileges required beyond authentication, and no user interaction needed) and the significant confidentiality impact (full read access to OS files). However, integrity and availability are not directly affected. There are no known exploits in the wild as of the published date, and no patches have been linked yet. This vulnerability is particularly critical because Infinera G42 devices are used in telecommunications and network infrastructure environments, where exposure of configuration files, credentials, or system binaries could lead to further compromise or disruption of critical network services.

For European organizations, especially telecommunications providers and network operators using Infinera G42 devices, this vulnerability poses a significant risk to confidentiality of sensitive network infrastructure data. Attackers gaining access to OS files could extract credentials, configuration files, or proprietary software components, potentially enabling lateral movement, espionage, or preparation for further attacks. Given the critical role of optical transport platforms in backbone networks, exploitation could undermine network integrity indirectly by facilitating subsequent attacks or causing operational disruptions. The exposure of sensitive data could also lead to regulatory and compliance issues under GDPR and other European data protection laws. Moreover, the high connectivity of these devices to core network segments increases the risk of widespread impact if exploited. Although integrity and availability are not directly compromised by this vulnerability, the confidentiality breach alone is sufficient to cause severe operational and reputational damage to European network operators and their customers.

1. Immediate mitigation should focus on restricting access to the WebGUI interface to trusted management networks only, using network segmentation and firewall rules to prevent unauthorized access. 2. Enforce strong authentication mechanisms and monitor authentication logs for suspicious activity to detect potential exploitation attempts. 3. Implement strict input validation and sanitization at the application layer if possible, or apply any vendor-provided patches as soon as they become available. 4. Conduct regular audits of system files and configurations to detect unauthorized access or exfiltration. 5. Employ intrusion detection and prevention systems (IDS/IPS) tuned to detect anomalous HTTP requests indicative of path traversal attacks. 6. Limit the privileges of the HTTP daemon user to the minimum necessary to reduce the scope of accessible files. 7. Coordinate with Infinera for timely updates and security advisories, and plan for rapid deployment of patches once released. 8. Consider deploying compensating controls such as multi-factor authentication (MFA) for WebGUI access to reduce risk from compromised credentials.