CVE-2025-27259

Ericsson Network Manager: improper neutralization of user controlled input

CVSS 2.4 LOWEPSS 0.2%CWE-79

Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Productos afectados

Ericsson · Ericsson Network Manager(ENM)

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-enm-october-2025