CVE-2025-0980

Published: Jan 7, 2026Modified: Jan 8, 2026

6.4

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.5 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Nokia SR Linux is vulnerable to an authentication vulnerability allowing unauthorized access to the JSON-RPC service. When exploited, an invalid validation allows JSON RPC access without providing valid authentication credentials.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://www.nokia.com/we-are-nokia/security/product-security-advisory/CVE-2025-0980/

Source: b48c3b8f-639e-4c16-8725-497bc411dad0

Timeline

No history available yet.