CVE-2025-10262 Overview
CVE-2025-10262 is a local privilege escalation vulnerability in Nokia SR Linux caused by unsanitized format validation. The flaw is classified under [CWE-134] (Use of Externally-Controlled Format String). An authenticated user can supply crafted input that bypasses format validation, leading to arbitrary command execution with superuser privileges. Exploitation requires local access and high privileges, but a successful attack delivers full root-equivalent control of the affected network operating system. Nokia has published a security advisory describing the issue and remediation guidance.
Critical Impact
An authenticated attacker on Nokia SR Linux can execute arbitrary commands with superuser privileges, compromising the integrity and availability of routing infrastructure.
Affected Products
- Nokia SR Linux (see vendor advisory for affected releases)
Discovery Timeline
- 2026-06-16 - CVE-2025-10262 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2025-10262
Vulnerability Analysis
The vulnerability is a format string flaw in Nokia SR Linux, tracked as [CWE-134]. SR Linux fails to sanitize user-supplied input before passing it to a function that interprets format specifiers. When an authenticated operator submits a crafted string containing format tokens such as %s, %n, or %x, the underlying routine processes them as formatting directives instead of literal text. This behavior allows memory disclosure and controlled writes, which the attacker chains into command execution under the superuser context. The local attack vector and requirement for high privileges limit remote exposure, but any user with valid CLI or management-plane access can escalate to full root on the device.
Root Cause
The root cause is missing input sanitization on a code path that performs format validation. User-controlled data reaches a format string parameter without neutralization of format specifiers, violating safe handling practices for variadic functions.
Attack Vector
Exploitation requires local, authenticated access to the SR Linux management interface. The attacker submits a malicious format string through an affected command or configuration field. The unsanitized input triggers controlled memory operations that culminate in arbitrary command execution as the superuser. No user interaction is required, and the attack runs within the existing session scope.
No public proof-of-concept code is available. Refer to the Nokia Security Advisory CVE-2025-10262 for vendor-specific technical detail.
Detection Methods for CVE-2025-10262
Indicators of Compromise
- Command-line input containing format specifiers such as %s, %n, %x, or %p submitted to SR Linux management commands.
- Unexpected process activity or shell invocations under the root or superuser account following a user session.
- Audit log entries showing privilege transitions from a standard administrative role to superuser without a corresponding sudo or role-change event.
Detection Strategies
- Inspect SR Linux audit and CLI history logs for malformed argument strings containing repeated format tokens.
- Correlate authenticated session events with subsequent privileged command execution to identify anomalous escalations.
- Forward syslog and AAA accounting records to a centralized SIEM and alert on suspicious format-specifier patterns.
Monitoring Recommendations
- Enable verbose CLI command logging and AAA accounting on all SR Linux nodes.
- Baseline normal administrative command usage and alert on deviations such as long argument strings or non-printable characters.
- Restrict and monitor accounts that hold the high privilege levels required to reach the vulnerable code path.
How to Mitigate CVE-2025-10262
Immediate Actions Required
- Review the Nokia Security Advisory CVE-2025-10262 and identify SR Linux releases running in your environment.
- Apply the fixed SR Linux release published by Nokia as soon as change windows permit.
- Audit existing SR Linux accounts and remove unnecessary high-privilege roles to shrink the attack surface.
Patch Information
Nokia has issued a product security advisory for CVE-2025-10262. Operators should consult the advisory for the exact fixed versions and upgrade procedures. No alternative source provides a verified patch.
Workarounds
- Limit management-plane access to a small set of trusted administrators authenticated through centralized AAA.
- Enforce role-based access control so only essential personnel hold the privilege level required to exploit the flaw.
- Place SR Linux management interfaces behind a dedicated out-of-band network with strict ACLs until patches are deployed.
# Configuration example
# Refer to the Nokia advisory for vendor-supplied remediation steps.
# Example: restrict management access via SR Linux ACL
# set / acl ipv4-filter mgmt-restrict entry 10 match source-ip 10.0.0.0/24 action accept
# set / acl ipv4-filter mgmt-restrict entry 99 action drop
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

