CVE-2025-27023 is a medium-severity vulnerability affecting the Infinera G42 optical transport appliance, specifically version R6.1.3. The vulnerability arises from improper input validation (CWE-20) in the WebGUI CLI web interface, which is used for device management. The web interface allows remote authenticated users to execute a restricted set of commands and also to execute script files present on the device. However, when a user specifies a non-script or incorrect file, the system erroneously displays the content of that file along with an error message. This behavior is due to the HTTP service running with privileged user permissions, which inadvertently allows authenticated users to read any file on the underlying operating system. The vulnerability does not allow modification or deletion of files, nor does it require user interaction beyond authentication. The CVSS v3.1 base score is 6.5, reflecting a network attack vector with low attack complexity, requiring privileges but no user interaction, and resulting in high confidentiality impact without affecting integrity or availability. No known exploits are currently reported in the wild, and no patches have been linked yet. The root cause is insufficient input validation in the web interface's command execution feature, which fails to restrict file access properly, exposing sensitive system files to authenticated users.

For European organizations using the Infinera G42 appliance version 6.1.3, this vulnerability poses a significant confidentiality risk. Attackers with valid credentials can remotely access sensitive OS files, potentially exposing configuration files, credentials, logs, or other sensitive data that could facilitate further attacks or espionage. Given that Infinera G42 devices are used in optical transport networks, which form critical infrastructure for telecommunications and data transmission, unauthorized disclosure of system files could lead to information leakage about network topology, security configurations, or operational details. This could enable adversaries to plan targeted attacks or disrupt services indirectly. Although the vulnerability does not allow direct modification or denial of service, the confidentiality breach alone can have severe consequences, especially for telecom operators, ISPs, and enterprises relying on these devices for secure communications. The requirement for authentication limits exposure to insiders or attackers who have compromised credentials, but the privileged nature of the HTTP service amplifies the risk once access is gained.

Organizations should immediately audit their Infinera G42 appliances to identify devices running version 6.1.3 and restrict access to the WebGUI CLI interface to trusted administrators only, ideally via secure management networks or VPNs. Strong authentication mechanisms, including multi-factor authentication (MFA), should be enforced to reduce the risk of credential compromise. Monitoring and logging of all WebGUI CLI access should be enabled to detect suspicious activities. Since no official patch is currently linked, organizations should engage with Infinera support to obtain updates or workarounds. As a temporary mitigation, administrators should avoid executing or referencing non-script files via the CLI web interface to prevent accidental disclosure. Network segmentation and strict firewall rules should limit access to management interfaces. Additionally, organizations should consider implementing file integrity monitoring on these devices to detect unauthorized file access or exfiltration attempts. Regular security assessments and penetration testing focusing on management interfaces can help identify similar weaknesses.