QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-24936

Back to search

CVE-2025-24936

Published: Jul 21, 2025

Modified: Jul 23, 2025

PUBLISHED

Description

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. An attacker with low privileged access to the application has the potential to execute commands on the operating system under the context of the webserver.

VendorProductVersions

Nokia

WaveSuite NOC

affected
WS-NOC 24.6, WS-NOC 23.6 and WS-NOC 23.12
unaffected
WS-NOC 24.6 FP3

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now