CVE-2025-27258

Ericsson Network Manager (ENM) versions prior to ENM 25.1 GA contain a vulnerability, if exploited, can result in an escalation of privilege.

VectorNETWORK

Published By85b1779b-6ecd-4f52-bcc5-73eac4659dcf

Published DateOct 13, 2025, 07:15

Weakness Type (CWE):CWE-284

CVSS Metrics

Base Score

6.9

Vector String

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

ADJACENT

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

References

https://www.ericsson.com/en/about-us/security/psirt/security-bulletin-enm-october-2025

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-284

CVSS Metrics

Base Score

6.9

Vector String

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Base Severity

MEDIUM

Version

4.0

Attack Vector (AV)

ADJACENT

Attack Complexity (AC)

LOW

Privileges Required (PR)

LOW

User Interaction (UI)

NONE

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)