CVE-2025-27021
low-risk
Published 2025-07-02
The misconfiguration in the sudoers configuration of the operating system in Infinera G42 version R6.1.3 allows low privileged OS users to read/write physical memory via devmem command line tool. This could allow sensitive information disclosure, denial of service, and privilege escalation by tampering with kernel memory. Details: The output of "sudo -l" reports the presence of "devmem" command executable as super user without using a password. This command allows to read and write an arbitrary memory area of the target device, specifying an absolute address.
Do I need to act?
-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.0/10
High
LOCAL
/ HIGH complexity
Affected Products (1)
G42 Firmware
Affected Vendors
References (2)
Third Party Advisory
https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27021
Third Party Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27021
23
/ 100
low-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal