- **Vulnerability Details**
  - **CVEs:** CVE-2025-61879, CVE-2025-61880
  - **Affected Versions:**
    - NIOS Version 8.5.2
    - NIOS Version 8.6.x
    - NIOS Version 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6
  - **Description:**
    - **CVE-2025-61879:** Allows administrative users to perform arbitrary file writes; can lead to file modification or creation.
    - **CVE-2025-61880:** Related to insecure deserialization; can allow unauthenticated attackers to execute arbitrary code or files.
  - **Severity:** High
  - **CVSS Scores:**
    - CVE-2025-61879: 7.7
    - CVE-2025-61880: 7.7
  - **Impact:**
    - CVE-2025-61879: Authenticated attackers can write malicious files.
    - CVE-2025-61880: Unauthenticated attackers can execute files.
  - **Resolution:**
    - Apply NIOS version-specific Hotfix or upgrade to NIOS 9.0.8.
  - **Additional Notes:**
    - Admin username and SSH key name restrictions.
    - NIOS 9.0.8 includes security requirements for all authentication methods.
    - Specific Hotfixes for 8.5.2, 8.6.5 & 9.0.x versions are provided.