PT-2025-27615 · Infinera · Infinera G42

Published 2025-07-02 · Updated 2026-02-11 · CVE-2025-27022

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Infinera G42 version R6.1.3
Description: The issue allows remote authenticated users to download all OS files via HTTP requests due to a path traversal vulnerability in the WebGUI HTTP endpoint. This is caused by missing or insufficient validation of user-supplied input, enabling authenticated users to access all files on the target machine's file system that are readable by the user account used to run the httpd service.
Recommendations: For Infinera G42 version R6.1.3, consider restricting access to the WebGUI HTTP endpoint until a patch is available, and ensure proper validation of user-supplied input to prevent path traversal attacks. As a temporary workaround, limit the privileges of the user account used to run the httpd service to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-08680
CVE-2025-27022

Affected Products

Infinera G42