PT-2025-53590 · Nokia+2 · Nokia C7+11
Symbuzzer
·
Published
2025-12-26
·
Updated
2026-01-09
·
CVE-2025-65885
CVSS v3.1
5.1
Medium
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Delight Custom Firmware versions 1.0 through 1.8
Description
A flaw exists in Delight Custom Firmware for Nokia Symbian Belle devices that allows local attackers to inject startup scripts. This is achieved by placing crafted
.txt files into the :Data directory. The affected devices include Nokia 808, Nokia N8, Nokia E7, Nokia C7, Nokia 700, Nokia 701, Nokia 603, Nokia 500, Nokia E6, Nokia Oro, and Vertu Constellation T.Recommendations
Delight Custom Firmware version 1.0: Avoid placing untrusted
.txt files in the :Data directory.
Delight Custom Firmware version 1.1: Avoid placing untrusted .txt files in the :Data directory.
Delight Custom Firmware version 1.2: Avoid placing untrusted .txt files in the :Data directory.
Delight Custom Firmware version 1.3: Avoid placing untrusted .txt files in the :Data directory.
Delight Custom Firmware version 1.8: Avoid placing untrusted .txt files in the :Data directory.
Delight Custom Firmware version 6.7: Avoid placing untrusted .txt files in the :Data directory.Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Delight Custom Firmware
Nokia 500
Nokia 603
Nokia 700
Nokia 701
Nokia 808
Nokia C7
Nokia E6
Nokia E7
Nokia N8
Nokia Oro
Vertu Constellation T