PT-2025-27618 · Infinera · Infinera G42
Published: 2025-07-02 · Updated: 2025-07-02 · CVE-2025-27023
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
Infinera G42 version R6.1.3
Description:
The issue is insufficient input validation in the WebGUI CLI web interface of the Infinera G42 appliance, which allows remote authenticated users to read all OS files via crafted CLI commands. The web interface permits a restricted set of commands and offers the option to execute a script file already present on the target device. When a non-script or otherwise incorrect file is specified, the content of that file is shown along with an error message. Because the HTTP service runs as a privileged user, all files on the file system can be viewed this way.
Recommendations:
For Infinera G42 version R6.1.3, consider restricting access to the WebGUI CLI web interface until a patch is available. As a temporary workaround, limit the execution of commands and script-files to only necessary and authorized users. Avoid using the WebGUI CLI web interface for executing commands or script-files that could potentially reveal sensitive information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
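The flaw described above, sketched as an added example (not Infinera's code, whose implementation this page does not show): a script-file runner that echoes a rejected file's content, beside a version that confines lookups to a script directory and returns only a generic error. The function names, the command allow-list and the file names are hypothetical, and the sample files are constructed.

```python
import tempfile
from pathlib import Path

ALLOWED_COMMANDS = {"show", "set", "ping"}  # hypothetical restricted command set

def parse_script(text):
    """Return the script's commands, or raise ValueError without quoting the input."""
    commands = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for number, command in enumerate(commands, start=1):
        if command.split()[0] not in ALLOWED_COMMANDS:
            raise ValueError(f"line {number}: command not permitted")
    return commands

def run_script_leaky(path):
    """Flawed pattern from the description: any path is opened, the error echoes the file."""
    text = Path(path).read_text(errors="replace")
    try:
        return {"ok": True, "commands": parse_script(text)}
    except ValueError as exc:
        return {"ok": False, "error": f"{exc}\n{text}"}

def run_script_hardened(script_dir, name):
    """Confine the lookup to script_dir and never return file content in an error."""
    base = Path(script_dir).resolve()
    target = (base / name).resolve()  # resolves ".." and symlinks before the check
    if base not in target.parents or not target.is_file():
        return {"ok": False, "error": "script not found"}
    try:
        return {"ok": True, "commands": parse_script(target.read_text(errors="replace"))}
    except ValueError as exc:
        return {"ok": False, "error": str(exc)}

def demo():
    """Constructed sandbox: a valid script, a non-script in the script dir, a file outside it."""
    root = Path(tempfile.mkdtemp())
    scripts = root / "scripts"
    scripts.mkdir()
    (scripts / "ok.cli").write_text("show version\nping 192.0.2.1\n")
    (scripts / "notes.txt").write_text("CONSTRUCTED-SECRET-VALUE\n")
    secret = root / "secret.conf"
    secret.write_text("CONSTRUCTED-SECRET-VALUE\n")
    return {
        "leaky": run_script_leaky(secret),
        "traversal": run_script_hardened(scripts, "../secret.conf"),
        "absolute": run_script_hardened(scripts, str(secret)),
        "in_dir_bad": run_script_hardened(scripts, "notes.txt"),
        "valid": run_script_hardened(scripts, "ok.cli"),
    }
```

Running the web service under an unprivileged account further limits what any remaining file read can reach.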
RCE
Affected Products
Infinera G42