CVE-2025-10262
An unsanitized format validation vulnerability in Nokia SR Linux

Public disclosure	27-05-2026
Last updated	27-05-2026
Vulnerability type	Improper input validation
CVSS vector	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H
CVSS score	6.3

Description

Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges.

Affected products and versions

All SR Linux versions earlier than 23.10.8, 24.10.6, 25.7.2 (exclusive).

Hardware platforms running SR Linux:

7215 IXS
7220 IXR
7250 IXR
7730 SXR

Mitigation plan

Fixes have been provided in SR Linux 23.10.8. 24.10.6, 25.7.2, and later releases.

References

Engineer working on laptop connected to servers

Select your country

CVE-2025-10262
An unsanitized format validation vulnerability in Nokia SR Linux

Description

Affected products and versions

Mitigation plan

References

Service Router Linux (SR Linux)

Select your country

CVE-2025-10262An unsanitized format validation vulnerability in Nokia SR Linux

Description

Affected products and versions

Mitigation plan

References

Service Router Linux (SR Linux)

CVE-2025-10262
An unsanitized format validation vulnerability in Nokia SR Linux