{"api_version":"1","generated_at":"2026-07-03T12:01:46+00:00","cve":"CVE-2025-10262","urls":{"html":"https://cve.report/CVE-2025-10262","api":"https://cve.report/api/cve/CVE-2025-10262.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-10262","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-10262"},"summary":{"title":"An unsanitized format validation vulnerability in Nokia SR Linux","description":"Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges.","state":"PUBLISHED","assigner":"Nokia","published_at":"2026-06-16 06:16:57","updated_at":"2026-06-16 15:26:04"},"problem_types":["CWE-134","CWE-134 CWE-134 Use of Externally-Controlled Format String"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"6.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-10262/","name":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-10262/","refsource":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-10262","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10262","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Nokia","product":"SR Linux","version":"affected < 23.10.8","platforms":[]},{"source":"CNA","vendor":"Nokia","product":"SR Linux","version":"affected < 24.10.6","platforms":[]},{"source":"CNA","vendor":"Nokia","product":"SR Linux","version":"affected < 25.7.2","platforms":[]},{"source":"CNA","vendor":"Nokia","product":"SR Linux","version":"unaffected 23.10.8","platforms":[]},{"source":"CNA","vendor":"Nokia","product":"SR Linux","version":"unaffected 24.10.6","platforms":[]},{"source":"CNA","vendor":"Nokia","product":"SR Linux","version":"unaffected 25.7.2","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"10262","cve":"CVE-2025-10262","epss":"0.001160000","percentile":"0.019080000","score_date":"2026-06-23","updated_at":"2026-06-24 00:09:26"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":6.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2025-10262","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-16T12:31:09.043017Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-134","description":"CWE-134 Use of Externally-Controlled Format String","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-16T12:32:54.052Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"affected","product":"SR Linux","vendor":"Nokia","versions":[{"status":"affected","version":"< 23.10.8"},{"status":"affected","version":"< 24.10.6"},{"status":"affected","version":"< 25.7.2"}]},{"defaultStatus":"unaffected","product":"SR Linux","vendor":"Nokia","versions":[{"status":"unaffected","version":"23.10.8"},{"status":"unaffected","version":"24.10.6"},{"status":"unaffected","version":"25.7.2"}]}],"descriptions":[{"lang":"en","value":"Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges."}],"providerMetadata":{"dateUpdated":"2026-06-16T05:58:15.720Z","orgId":"b48c3b8f-639e-4c16-8725-497bc411dad0","shortName":"Nokia"},"references":[{"name":"Nokia Product Security Advisory","url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-10262/"}],"title":"An unsanitized format validation vulnerability in Nokia SR Linux","x_generator":{"engine":"cveClient/1.0.15"}}},"cveMetadata":{"assignerOrgId":"b48c3b8f-639e-4c16-8725-497bc411dad0","assignerShortName":"Nokia","cveId":"CVE-2025-10262","datePublished":"2026-06-16T05:40:23.769Z","dateReserved":"2025-09-11T08:45:07.544Z","dateUpdated":"2026-06-16T12:32:54.052Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-16 06:16:57","lastModifiedDate":"2026-06-16 15:26:04","problem_types":["CWE-134","CWE-134 CWE-134 Use of Externally-Controlled Format String"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.8,"impactScore":5.5}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"10262","Ordinal":"1","Title":"An unsanitized format validation vulnerability in Nokia SR Linux","CVE":"CVE-2025-10262","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"10262","Ordinal":"1","NoteData":"Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges.","Type":"Description","Title":"An unsanitized format validation vulnerability in Nokia SR Linux"}]}}}