CVE-2025-10258
A time-based SQL Injection vulnerability in Infinera DNA
Public disclosure |
05-02-2026 |
|---|---|
Last updated |
05-02-2026 |
Vulnerability type |
SQL Injection |
CVSS vector |
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L |
CVSS score |
6.3 |
Description
Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information.
Affected products and versions
Infinera DNA versions earlier than R24.2.
Mitigation plan
Fixes have been provided in R24.2 and onwards.
Acknowledgements
- Ngo Thanh Hang (VNPT Net)