PT-2025-27624 · Infinera · Infinera G42

Published: 2025-07-02 · Updated: 2026-02-11 · CVE-2025-27026

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Infinera G42 version R6.1.3
Description: A missing double-check feature in the WebGUI for CLI deactivation allows an authenticated administrator to make other management interfaces unavailable via local and network interfaces. CLI deactivation via the WebGUI not only stops the CLI interface but also deactivates Linux Shell, WebGUI, and Physical Serial Console access. No confirmation is requested at deactivation time, putting device administrators at risk of completely losing device control.
Recommendations: For Infinera G42 version R6.1.3, consider temporarily restricting access to the WebGUI CLI deactivation feature until a patch is available to prevent unintended deactivation of management interfaces. As a mitigation measure, ensure that administrators are aware of the potential consequences of deactivating the CLI via the WebGUI and implement procedures to verify the intended action before deactivation.

Fix


Weakness Enumeration

Related Identifiers

BDU:2025-08681
CVE-2025-27026

Affected Products

Infinera G42