Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-24936

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. An attacker with low privileged access to the application has the potential to execute commands on the operating system under the context of the webserver.

Published

2025-07-21T07:15:23.890

Last Modified

2025-08-11T14:52:51.543

Status

Analyzed

Source

b48c3b8f-639e-4c16-8725-497bc411dad0

Severity

CVSSv3.1: 9.0 (CRITICAL)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nokia	wavesuite_noc	23.6	Yes
Application	nokia	wavesuite_noc	23.12	Yes
Application	nokia	wavesuite_noc	24.6	Yes

References

https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24936/ Vendor Advisory (b48c3b8f-639e-4c16-8725-497bc411dad0)