CVE-2025-27019
Summary
CVE-2025-27019 is a critical vulnerability affecting Infinera MTC-9 firmware versions from R22.1.1.0275 before R23.0. It allows an attacker to use password-less user accounts through the Remote Shell service (RSH) to activate a reverse shell and gain unauthorized system access.
Technical Details
This vulnerability stems from an insecure configuration of the Remote Shell service (RSH) in the Infinera MTC-9 firmware: the system permits user accounts that require no password for authentication, and RSH accepts connections from such accounts. An attacker who reaches the RSH service with one of these accounts is never challenged for credentials and can execute commands on the device, including starting a reverse shell, i.e. a connection initiated from the compromised device back to an attacker-controlled listener that gives the attacker full interactive shell access. The combination of password-less accounts and arbitrary command execution over RSH makes the flaw highly exploitable.
The root cause is that the RSH service does not properly enforce an authentication requirement, so accounts without passwords bypass standard security measures and provide a direct pathway to unauthorized access. The reverse shell compounds the problem because it gives the attacker persistent, interactive control over the affected system.
Affected Products and Versions
- Infinera MTC-9 firmware versions from R22.1.1.0275 before R23.0
Impact Assessment
Successful exploitation of CVE-2025-27019 can lead to complete system compromise. An attacker gaining shell access can:
- Gain full control of the Infinera MTC-9 device: This includes the ability to modify configurations, install malicious software, and disrupt network operations.
- Access sensitive data: The attacker can access and exfiltrate confidential information stored on the device, potentially leading to data breaches and regulatory violations.
- Use the compromised device as a pivot point: The attacker can use the compromised MTC-9 device as a launching pad to attack other systems on the network, expanding the scope of the attack.
- Disrupt network services: The attacker can disrupt network services by modifying configurations or causing the device to malfunction.
Remediation
Immediate Actions
- Upgrade to a patched version: Upgrade the Infinera MTC-9 firmware to version R23.0 or later, which addresses this vulnerability. Contact Nokia/Infinera support for the latest available patch.
- Disable or restrict RSH access: If upgrading is not immediately possible, disable the RSH service if it is not essential. If RSH is required, restrict access to trusted IP addresses only.
- Monitor network traffic: Monitor network traffic for suspicious RSH connections or reverse shell activity.
Long-term Solutions
- Implement strong password policies: Enforce strong password policies for all user accounts on the Infinera MTC-9 device.
- Regular security audits: Conduct regular security audits to identify and address potential vulnerabilities.
- Network segmentation: Implement network segmentation to limit the impact of a potential compromise.
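The root cause described under Technical Details and the password-policy item above both come down to one auditable condition: an account whose password field is empty. The following is an added example (not Infinera/Nokia code) of an audit that finds such accounts; it assumes the device's account database follows the Unix passwd/shadow layout, and the sample entries, user names and placeholder hashes are constructed for the example.

```python
"""Audit passwd/shadow-style account data for accounts that can log in with no password.

Added example for this advisory, not vendor code. Assumes a Unix-style
passwd/shadow layout; sample entries are constructed and the hashes are
placeholders, not real credentials.
"""
from dataclasses import dataclass
from typing import Dict, List

# Shells that do not grant an interactive session.
NON_LOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

# Constructed sample data (hypothetical users).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
admin:x:1000:1000:Administrator:/home/admin:/bin/sh
operator:x:1001:1001:Operator:/home/operator:/bin/sh
monitor:x:1002:1002:Monitoring:/nonexistent:/usr/sbin/nologin
svc_rsh:x:1003:1003:RSH service account:/home/svc_rsh:/bin/sh
"""

SAMPLE_SHADOW = """\
root:$6$placeholder$PLACEHOLDERHASH:19000:0:99999:7:::
admin::19000:0:99999:7:::
operator:!:19000:0:99999:7:::
monitor::19000:0:99999:7:::
svc_rsh::19000:0:99999:7:::
"""


@dataclass
class Finding:
    user: str
    severity: str
    reason: str


def parse_colon_file(text: str) -> Dict[str, List[str]]:
    """Map user name -> list of fields for a colon-separated account file."""
    entries: Dict[str, List[str]] = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        entries[fields[0]] = fields
    return entries


def audit_accounts(passwd_text: str, shadow_text: str) -> List[Finding]:
    """Return one finding per account that is password-less or has no shadow entry.

    An empty password field combined with an interactive shell is rated high,
    because the account can be used for an RSH login without any credential.
    Locked accounts ('!' or '*') and hashed passwords produce no finding.
    """
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    findings: List[Finding] = []
    for user, fields in passwd.items():
        shell = fields[6] if len(fields) > 6 else ""
        interactive = shell != "" and shell not in NON_LOGIN_SHELLS
        if user not in shadow:
            findings.append(Finding(user, "medium", "no shadow entry; password state unknown"))
            continue
        pw = shadow[user][1] if len(shadow[user]) > 1 else ""
        if pw == "":
            severity = "high" if interactive else "medium"
            findings.append(Finding(user, severity, f"empty password field, shell {shell or '(none)'}"))
    return findings


def passwordless_users(passwd_text: str, shadow_text: str) -> List[str]:
    """Names of accounts whose password field is empty, in passwd order."""
    return [f.user for f in audit_accounts(passwd_text, shadow_text) if f.reason.startswith("empty")]


if __name__ == "__main__":
    for f in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{f.severity:6} {f.user:10} {f.reason}")
```

Every account the audit reports should either be given a strong password or be locked; a non-interactive shell lowers the severity but does not remove the finding, since the empty password field is the condition the advisory describes.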
Detection & Scanning
This vulnerability can be detected by scanning for open RSH ports (RSH listens on TCP port 514, not to be confused with syslog on UDP 514) and verifying whether the service accepts a connection from a password-less account. Network intrusion detection systems (NIDS) can be configured to detect suspicious RSH activity or reverse shell connections.
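The two network signals named above (RSH connections to the device from hosts that should not be making them, and a reverse shell, which is a connection the device itself initiates to an unexpected destination) can both be picked out of firewall or flow logs with an allowlist per device. The following is an added example that is not part of this advisory or any vendor tooling; the log format, addresses, device inventory and allowlists are constructed for the example, and it assumes the log records the initiating side of each session as `src`.

```python
"""Flag untrusted RSH connections to MTC-9 devices and device-initiated egress.

Added example for this advisory, not vendor code. Log format, addresses,
inventory and allowlists are constructed; adapt LOG_RE to your firewall's
export format. Assumes each log line records the session initiator as src.
"""
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

RSH_PORT = 514  # RSH listens on TCP/514

# Constructed inventory and policy for the example.
MTC9_DEVICES: Set[str] = {"10.20.0.5", "10.20.0.6"}
TRUSTED_RSH_CLIENTS: Set[str] = {"10.10.1.10"}
# (destination, port, proto) tuples the device is expected to initiate itself.
EXPECTED_OUTBOUND: Set[Tuple[str, int, str]] = {
    ("10.10.1.20", 514, "udp"),  # syslog collector
    ("10.10.1.30", 123, "udp"),  # NTP server
}

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+"
    r"sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)\s+proto=(?P<proto>\w+)"
)

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOGS = """\
2025-05-01T10:00:01Z fw01 src=10.10.1.10 dst=10.20.0.5 sport=1022 dport=514 proto=tcp action=allow
2025-05-01T10:00:05Z fw01 src=203.0.113.7 dst=10.20.0.5 sport=1023 dport=514 proto=tcp action=allow
2025-05-01T10:00:09Z fw01 src=10.20.0.5 dst=10.10.1.20 sport=40000 dport=514 proto=udp action=allow
2025-05-01T10:00:12Z fw01 src=10.20.0.5 dst=198.51.100.9 sport=40001 dport=8443 proto=tcp action=allow
2025-05-01T10:00:15Z fw01 src=10.10.1.10 dst=10.20.0.6 sport=1021 dport=22 proto=tcp action=allow
"""


@dataclass
class Alert:
    ts: str
    kind: str
    detail: str


def analyse(log_text: str) -> List[Alert]:
    """Return alerts for untrusted RSH clients and unexpected device-initiated sessions."""
    alerts: List[Alert] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a flow record we understand; skip silently
        src, dst = m["src"], m["dst"]
        dport, proto = int(m["dport"]), m["proto"].lower()

        # Inbound RSH to a managed device from a host outside the allowlist.
        if dst in MTC9_DEVICES and proto == "tcp" and dport == RSH_PORT and src not in TRUSTED_RSH_CLIENTS:
            alerts.append(Alert(m["ts"], "rsh-untrusted-source", f"{src} -> {dst}:{dport}/tcp"))

        # The device opened a session that is not on its expected-egress list:
        # the shape a reverse shell takes in flow logs.
        if src in MTC9_DEVICES and (dst, dport, proto) not in EXPECTED_OUTBOUND:
            alerts.append(Alert(m["ts"], "device-initiated-egress", f"{src} -> {dst}:{dport}/{proto}"))
    return alerts


if __name__ == "__main__":
    for a in analyse(SAMPLE_LOGS):
        print(a.ts, a.kind, a.detail)
```

Because an optical transport device has a small, fixed set of legitimate outbound peers (syslog, NTP, management), the egress rule can be strict; the same allowlist is what a firewall restricting RSH to trusted addresses, as the remediation section recommends, would enforce in the other direction.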