Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-27024
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Improper File Access in Infinera G42
Source: NVD (National Vulnerability Database)
Vulnerability Description
Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
不充分权限或特权的处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Infinera G42 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SSH是芬兰等都是芬兰(SSH)公司的产品。SSH是一个应用协议。Rovin Bhandari FTP等都是(Rovin Bhandari)个人开发者的产品。FTP是一个简单 FTP 客户端和服务器的实现。elixir-ecto ecto等都是(elixir-ecto)开源的产品。ecto是一个用于数据映射和语言集成查询的工具包。 Infinera G42 R6.1.3版本存在安全漏洞,该漏洞源于访问控制不当,可能导致文件读写。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
InfineraG42 6.1.3 ~ 8.0 -
II. Public POCs for CVE-2025-27024
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2025-27024
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: G42
Same vendor: Infinera
Same weakness: CWE-280
V. Comments for CVE-2025-27024

No comments yet

Leave a comment