CVE-2025-27259

Ericsson Network Manager: improper neutralization of user controlled input

CVSS 2.4 LOWEPSS 0.2%CWE-79

Ericsson Network Manager versions prior to ENM 25.2 GA contain a vulnerability that, if exploited, can exfiltrate limited data or redirect victims to other sites or domains.

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Produtos afetados

Ericsson · Ericsson Network Manager(ENM)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-enm-october-2025