References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

CWE-266

The misconfiguration in the sudoers configuration of the operating system in
 Infinera G42 version R6.1.3 allows low privileged OS users to 
read/write physical memory via devmem command line tool. 
This could 
allow sensitive information disclosure, denial of service, and privilege 
escalation by tampering with kernel memory.


Details: The output of "sudo -l" reports the presence of "devmem" command 
executable as super user without using a password. This command allows 
to read and write an arbitrary memory area of the target device, 
specifying an absolute address.

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-27021

https://www.cvcn.gov.it/cvcn/cve/CVE-2025-27021