CVE-2025-27020 PUBLISHED

Improper configuration of SSH service in Infinera MTC-9

Assigner: ENISA
Reserved: 18.02.2025 Published: 08.12.2025 Updated: 08.12.2025

Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system

This issue affects MTC-9: from R22.1.1.0275 before R23.0.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS Score: 9.8

Attack Vector	Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	None	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Infinera
Product	MTC-9
Versions	Default: unaffected affected from R22.1.1.0275 to R23.0 (excl.)

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27020

Problem Types

CWE-306 Missing Authentication for Critical Function CWE

Impacts

CAPEC-114 Authentication Abuse