Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-24938

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the potential execute commands on the operating system under the context of the webserver. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. Has the potential to inject command while creating a new User from User Management.

Published

2025-07-21T07:15:24.130

Last Modified

2025-08-11T14:52:40.313

Status

Analyzed

Source

b48c3b8f-639e-4c16-8725-497bc411dad0

Severity

CVSSv3.1: 8.4 (HIGH)

Weaknesses

Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nokia	wavesuite_noc	23.6	Yes
Application	nokia	wavesuite_noc	23.12	Yes
Application	nokia	wavesuite_noc	24.6	Yes

References

https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24938/ Vendor Advisory (b48c3b8f-639e-4c16-8725-497bc411dad0)