CVE-2025-0980
JSON RPC authentication bypass in Nokia SR Linux

Public disclosure

07-01-2026

Last updated

07-01-2026

Vulnerability type

Incorrect Access Control

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS score

6.4

Description

Nokia SR Linux contains an authentication vulnerability that allows unauthorized access to the JSON-RPC service. When exploited, improper validation allows JSON-RPC access without valid authentication credentials.

Affected products and versions

SR Linux versions earlier than 23.10.6 or 24.10.2.

Hardware platforms running SR Linux:

  • 7215 IXS
  • 7220 IXR
  • 7250 IXR
  • 7730 SXR

Mitigation plan

Fixes are available in SR Linux versions 23.10.6, 24.10.2 and later.
