Vulnerability Details

- CVEs: CVE-2025-61879, CVE-2025-61880
- Affected Versions:
  - NIOS - Version 8.5.2
  - NIOS - Version 8.6.x
  - NIOS - Version 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6
- Description:
  - CVE-2025-61879: Allows administrative users to perform arbitrary file writes; can lead to file modification or creation.
  - CVE-2025-61880: Related to insecure deserialization; can allow unauthenticated attackers to execute arbitrary code or files.
- Severity: High
- CVSS Scores:
  - CVE-2025-61879: 7.7
  - CVE-2025-61880: 7.7
- Impact:
  - CVE-2025-61879: Authenticated attackers can write malicious files.
  - CVE-2025-61880: Unauthenticated attackers can execute files.
- Resolution:
  - Apply NIOS version-specific Hotfix or upgrade to NIOS 9.0.8.
- Additional Notes:
  - Admin username and SSH key name restrictions.
  - NIOS 9.0.8 includes security requirements for all authentication methods.
  - Specific Hotfixes for 8.5.2, 8.6.5 & 9.0.x versions are provided.