{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10262", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "state": "PUBLISHED", "assignerShortName": "Nokia", "dateReserved": "2025-09-11T08:45:07.544Z", "datePublished": "2026-06-16T05:40:23.769Z", "dateUpdated": "2026-06-16T12:32:54.052Z"}, "containers": {"cna": {"title": "An unsanitized format validation vulnerability in Nokia SR Linux", "descriptions": [{"lang": "en", "value": "Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges."}], "affected": [{"vendor": "Nokia", "product": "SR Linux", "defaultStatus": "affected", "versions": [{"version": "< 23.10.8", "status": "affected"}, {"version": "< 24.10.6", "status": "affected"}, {"version": "< 25.7.2", "status": "affected"}]}, {"vendor": "Nokia", "product": "SR Linux", "defaultStatus": "unaffected", "versions": [{"version": "23.10.8", "status": "unaffected"}, {"version": "24.10.6", "status": "unaffected"}, {"version": "25.7.2", "status": "unaffected"}]}], "references": [{"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-10262/", "name": "Nokia Product Security Advisory"}], "x_generator": {"engine": "cveClient/1.0.15"}, "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2026-06-16T05:58:15.720Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-134", "lang": "en", "description": "CWE-134 Use of Externally-Controlled Format String"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-16T12:31:09.043017Z", "id": "CVE-2025-10262", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-16T12:32:54.052Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-10262", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-16T12:31:09.043017Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-16T12:31:01.714Z"}}], "cna": {"title": "An unsanitized format validation vulnerability in Nokia SR Linux", "affected": [{"vendor": "Nokia", "product": "SR Linux", "versions": [{"status": "affected", "version": "< 23.10.8"}, {"status": "affected", "version": "< 24.10.6"}, {"status": "affected", "version": "< 25.7.2"}], "defaultStatus": "affected"}, {"vendor": "Nokia", "product": "SR Linux", "versions": [{"status": "unaffected", "version": "23.10.8"}, {"status": "unaffected", "version": "24.10.6"}, {"status": "unaffected", "version": "25.7.2"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-10262/", "name": "Nokia Product Security Advisory"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges."}], "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2026-06-16T05:58:15.720Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10262", "state": "PUBLISHED", "dateUpdated": "2026-06-16T12:32:54.052Z", "dateReserved": "2025-09-11T08:45:07.544Z", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "datePublished": "2026-06-16T05:40:23.769Z", "assignerShortName": "Nokia"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges."}], "id": "CVE-2025-10262", "lastModified": "2026-06-16T15:26:04.250", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.5, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-06-16T06:16:57.063", "references": [{"source": "b48c3b8f-639e-4c16-8725-497bc411dad0", "url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-10262/"}], "sourceIdentifier": "b48c3b8f-639e-4c16-8725-497bc411dad0", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}