CVE-2025-0980 Overview
CVE-2025-0980 is an authentication bypass vulnerability affecting Nokia SR Linux that allows unauthorized access to the JSON-RPC service. When exploited, invalid credential validation enables attackers with local access to interact with the JSON-RPC interface without providing valid authentication credentials, potentially compromising network device configuration and management capabilities.
Critical Impact
This vulnerability enables unauthorized access to the JSON-RPC service on Nokia SR Linux devices, potentially allowing attackers to execute management operations without proper authentication.
Affected Products
- Nokia SR Linux (specific versions not disclosed)
Discovery Timeline
- 2026-01-07 - CVE CVE-2025-0980 published to NVD
- 2026-01-08 - Last updated in NVD database
Technical Details for CVE-2025-0980
Vulnerability Analysis
This authentication bypass vulnerability (CWE-284: Improper Access Control) resides in Nokia SR Linux's JSON-RPC service authentication mechanism. The vulnerability stems from improper validation of authentication credentials, allowing local attackers with high privileges to bypass authentication controls and gain unauthorized access to the JSON-RPC interface.
The JSON-RPC service in SR Linux provides programmatic access to device configuration and operational data. When authentication validation fails to properly verify credentials, an attacker can craft requests that circumvent the intended access controls. Despite requiring local access and high privileges, successful exploitation grants full access to the JSON-RPC API endpoints.
Root Cause
The root cause of CVE-2025-0980 is improper access control within the JSON-RPC authentication handling logic. The vulnerability exists because the credential validation routine does not correctly enforce authentication requirements, allowing requests with invalid or missing credentials to be processed as authenticated. This represents a fundamental flaw in the access control implementation that should gate access to the JSON-RPC service.
Attack Vector
The attack requires local access to the affected Nokia SR Linux device and elevated privileges on the system. An attacker would need to have already obtained some level of access to the device, after which they can leverage this vulnerability to bypass JSON-RPC authentication and execute operations that should require valid credentials.
The exploitation path involves:
- Gaining local access to a Nokia SR Linux device
- Crafting JSON-RPC requests that exploit the invalid credential validation
- Submitting requests to the JSON-RPC service without valid authentication
- Executing unauthorized management operations through the API
For technical details regarding the specific authentication bypass mechanism, refer to the Nokia Security Advisory CVE-2025-0980.
Detection Methods for CVE-2025-0980
Indicators of Compromise
- Unexpected JSON-RPC requests originating from non-standard users or processes
- Authentication logs showing successful API access without corresponding valid login events
- Unusual configuration changes made through the JSON-RPC interface
- Elevated API activity from local processes without proper credential provisioning
Detection Strategies
- Monitor JSON-RPC service logs for authentication anomalies or access attempts with invalid credentials
- Implement behavioral analysis to detect unusual patterns in JSON-RPC API usage
- Configure alerting for configuration changes made outside of approved change windows
- Deploy endpoint detection solutions capable of monitoring network device API interactions
Monitoring Recommendations
- Enable comprehensive logging for all JSON-RPC service authentication attempts and API calls
- Establish baseline patterns for legitimate JSON-RPC usage and alert on deviations
- Review access control lists and ensure only authorized processes can reach the JSON-RPC service
- Implement SentinelOne Singularity for network device visibility and anomaly detection
How to Mitigate CVE-2025-0980
Immediate Actions Required
- Review the Nokia Security Advisory CVE-2025-0980 for vendor-provided patches and guidance
- Restrict local access to Nokia SR Linux devices to only essential personnel and processes
- Audit existing JSON-RPC service configurations and access permissions
- Implement network segmentation to limit exposure of management interfaces
Patch Information
Nokia has published a security advisory for this vulnerability. Organizations should consult the official Nokia Security Advisory CVE-2025-0980 for specific patch versions and update instructions. Apply vendor-provided patches as soon as they become available following your organization's change management procedures.
Workarounds
- Disable the JSON-RPC service if not operationally required until a patch can be applied
- Implement additional access controls at the network layer to restrict local access to SR Linux devices
- Enable enhanced logging and monitoring to detect potential exploitation attempts
- Consider implementing additional authentication layers in front of the JSON-RPC service where architecturally feasible
# Example: Restrict JSON-RPC service access (consult Nokia documentation for exact syntax)
# Review and limit users with local access to the SR Linux device
# Enable comprehensive audit logging for JSON-RPC operations
# Monitor /var/log for authentication-related events
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
