CVE-2025-10262 | Nokia SR Linux is vulnerable to local privilege escalation v… | CVSS 6.3 MEDIUM

Description

Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges.

Metadata

CVE ID: CVE-2025-10262
State: PUBLISHED
Assigner: Nokia
Reserved: 2025-09-11 08:45 UTC
Published: 2026-06-16 05:40 UTC
Last updated: 2026-06-16 12:32 UTC
Primary CWE: CWE-134
CWE-134 Use of Externally-Controlled Format String
Vendor / Product: Nokia / SR Linux
Sources: cve.org · NVD

Severity & Metrics

6.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
Nokia	SR Linux	—	< 23.10.8, < 24.10.6, < 25.7.2
Nokia	SR Linux	—	23.10.8, 24.10.6, 25.7.2

Weakness (CWE)

CWE	Source	Description
CWE-134	adp	CWE-134 Use of Externally-Controlled Format String

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.3	MEDIUM	3.1	adp	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H

References (1)

Nokia Product Security Advisory https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-10262/