CVE-2025-65885 identifies a local code injection vulnerability in the Delight Custom Firmware (CFW) tailored for Nokia Symbian Belle devices, including models such as Nokia 808, N8, E7, C7, 700, 701, 603, 500, E6, Oro, and Vertu Constellation T. The flaw arises from insufficient validation of .txt files placed in the :\Data directory, which the firmware processes during device startup. An attacker with local access can craft malicious .txt files that inject startup scripts, enabling arbitrary code execution with the privileges of the firmware startup process. This can compromise device integrity by allowing persistent malicious code execution, potentially leading to data leakage or further compromise of connected systems. The vulnerability does not require network access or authentication but does require the attacker to have local file system access, which could be achieved through physical access or via other local exploits. No CVSS score has been assigned, and no patches or known exploits are currently documented. Given the age and niche use of Symbian Belle devices, the threat surface is limited but relevant for legacy device users. The vulnerability highlights risks in custom firmware environments where startup script handling lacks robust input validation and access controls.

For European organizations, the impact of CVE-2025-65885 is primarily relevant to those maintaining legacy mobile devices running Symbian Belle with Delight CFW, often in specialized industrial, governmental, or telecommunications contexts. Successful exploitation could lead to unauthorized code execution on affected devices, compromising device integrity and potentially exposing sensitive data stored locally. This could facilitate lateral movement if the device connects to internal networks or is used for secure communications. The vulnerability undermines trust in device startup processes, potentially allowing persistent malware installation. However, given the requirement for local access and the limited market share of these devices, the overall risk to large-scale enterprise operations is low. Nonetheless, organizations relying on these devices for critical functions should consider the risk of insider threats or physical compromise. The lack of available patches increases the risk of prolonged exposure. Confidentiality, integrity, and availability of device functions could be impacted, especially if attackers leverage this vulnerability to implant persistent malware or disrupt device operations.

To mitigate CVE-2025-65885, organizations should first inventory and identify any Nokia Symbian Belle devices running Delight CFW within their environment. Restrict physical and local access to these devices to trusted personnel only, minimizing the risk of unauthorized file placement. Implement strict file system permissions on the :\Data directory to prevent unauthorized creation or modification of .txt files. Monitor device startup scripts and logs for unusual or unauthorized entries indicative of script injection attempts. Where possible, isolate these legacy devices from critical networks or sensitive data environments to limit potential lateral movement. Consider replacing or upgrading legacy devices to supported platforms with active security maintenance. If replacement is not feasible, develop compensating controls such as enhanced endpoint monitoring and physical security measures. Engage with Delight CFW maintainers or community to seek patches or updates addressing this vulnerability. Finally, educate users and administrators about the risks of local file manipulation on these devices.