CVE-2025-27019 PUBLISHED

Remote shell service (RSH) in Infinera MTC-9

Assigner: ENISA
Reserved: 18.02.2025 Published: 08.12.2025 Updated: 08.12.2025

Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell.This issue affects MTC-9: from R22.1.1.0275 before R23.0.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Infinera
Product	MTC-9
Versions	Default: unaffected affected from R22.1.1.0275 to R23.0 (excl.)

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27019

Problem Types

CWE-306 Missing Authentication for Critical Function CWE

Impacts

CAPEC-114 Authentication Abuse