CVE-2025-27020
Published: 08 December 2025
Description
Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on the file system. This issue affects MTC-9: from R22.1.1.0275 before R23.0.
Mitigating Controls (NIST 800-53 r5)
Directly prohibits critical actions like arbitrary command execution without identification or authentication, addressing the core issue of missing SSH authentication.
Requires secure configuration settings for the SSH service to enforce authentication, mitigating the improper configuration vulnerability.
Mandates timely flaw remediation via upgrades to fixed MTC-9 R23.0 or later, eliminating the SSH authentication bypass.
Security Summary
CVE-2025-27020 is a vulnerability stemming from improper configuration of the SSH service in Infinera MTC-9 systems. It affects MTC-9 versions from R22.1.1.0275 up to but not including R23.0 and is classified under CWE-306 (Missing Authentication for Critical Function). The issue enables unauthenticated remote access, earning a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
An unauthenticated attacker with network access can exploit this vulnerability with low complexity and no user interaction required. Successful exploitation allows execution of arbitrary commands and access to data on the file system, potentially compromising confidentiality, integrity, and availability of the affected system.
The advisory published on 2025-12-08 provides further details at https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27020. Mitigation involves upgrading to MTC-9 R23.0 or later, as the vulnerability is fixed in that release.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability allows unauthenticated remote access via a misconfigured SSH service, enabling exploitation of remote services (T1210), which in turn facilitates arbitrary Unix shell command execution (T1059.004).