Description
Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege.
Published: 2026-06-16
Score: 6.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Nokia SR Linux is a local privilege escalation flaw that allows an authenticated user to execute arbitrary commands as the superuser. Successful exploitation would give an attacker full control over the device, enabling installation of malware, modification of system settings, and other actions that compromise confidentiality, integrity, and availability.

Affected Systems

The affected product is Nokia SR Linux. No specific version information is available, so all released builds of the OS should be reviewed to determine whether they contain the vendor-supplied fix. The flaw applies to any installation of SR Linux that has not applied the official patch.

Risk and Exploitability

The CVSS score of 6.3 classifies the vulnerability as medium severity, while the EPSS score of less than 1% indicates a low probability of widespread exploitation at present. The vulnerability is not listed in CISA's KEV catalog, so no known exploitation indicators exist. The likely attack vector is local authenticated access (inferred from the description), meaning that the primary risk is to administrators and other users with login credentials on the device. When exploited, an attacker can perform any action a root user can, such as installing malware, resetting passwords, or tampering with critical configurations. Because the flaw is local, remote attackers would need additional foothold or physical access, which reduces but does not eliminate the attack surface.

Generated by OpenCVE AI on June 18, 2026 at 00:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Nokia SR Linux release that contains the fix for CVE-2025-9912
  • Restrict local user accounts to the least privilege required for their role, following the principle of least privilege
  • Enable comprehensive audit logging for privileged command execution and review logs regularly

Generated by OpenCVE AI on June 18, 2026 at 00:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 23 Jun 2026 21:30:00 +0000

Type Values Removed Values Added
First Time appeared Nokia
Nokia nokia Sr Linux
Vendors & Products Nokia
Nokia nokia Sr Linux

Tue, 16 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-269
Metrics cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 16 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Description Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege.
Title A local privilege escalation vulnerability in Nokia SR Linux
References

Subscriptions

Nokia Nokia Sr Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: Nokia

Published:

Updated: 2026-06-16T12:28:56.473Z

Reserved: 2025-09-03T08:58:21.602Z

Link: CVE-2025-9912

cve-icon Vulnrichment

Updated: 2026-06-16T12:27:13.558Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-16T08:16:23.627

Modified: 2026-06-16T15:26:04.250

Link: CVE-2025-9912

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-23T21:06:04Z

Weaknesses
  • CWE-269

    Improper Privilege Management