QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2025-9974

Back to search

CVE-2025-9974

Published: Feb 2, 2026

Modified: Feb 3, 2026

PUBLISHED

Description

The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitrary commands on the underlying ONT/Beacon operating system, potentially impacting the confidentiality, integrity, and availability of the device.

VendorProductVersions

Nokia

Nokia ONT

affected
Releases prior to BBDR2503
unaffected
BBDR2503 and later releases

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now