CVE-2025-24937 · CRITICAL 9.0 · EPSS p13.6%

Description

File contents could be read from the local file system by an attacker. Additionally, malicious code could be inserted in the file, leading to a full compromise of the web application and the container it is running on. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. The web application allows arbitrary files to be included in a file that was downloadable and executable by the web server.

Scoring

CVSS 3.1: 9.0 (CRITICAL)
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.23% probability of exploitation · percentile 13.6% · 2026-06-19T12:03:05Z
Published: 2025-07-21
Last modified: 2025-08-11

Underlying weaknesses · 1

CWE-98

References

  1. https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24937/

Type | Target | Confidence | Tier
Weakness | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') (cwe-98) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2025-24936
CVE: CVE-2025-2305
CVE: CVE-2025-3365
CVE: CVE-2025-41735
CVE: CVE-2025-59171
CVE: CVE-2026-21628

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.