QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-24938

Back to search

CVE-2025-24938

Published: Jul 21, 2025

Modified: Jul 23, 2025

PUBLISHED

Description

The web application allows user input to pass unfiltered to a command executed on the underlying operating system. An attacker with high privileged access (administrator) to the application has the potential execute commands on the operating system under the context of the webserver. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. Has the potential to inject command while creating a new User from User Management.

VendorProductVersions

Nokia

WaveSuite NOC

affected
WS-NOC 24.6, WS-NOC 23.6 and WS-NOC 23.12
unaffected
WS-NOC 24.6 FP3

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now