CVE-2025-3719: 
NixOS vulnerability analysis and mitigation

An access control vulnerability (CVE-2025-3719) was discovered in the CLI functionality of Nozomi Networks' Guardian and CMC products versions before 25.2.0. The vulnerability was disclosed on October 7, 2025, and stems from a specific access restriction not being properly enforced for users with limited privileges (Nozomi Advisory).

The vulnerability is classified as an Incorrect Authorization issue (CWE-863). It received a CVSS v4.0 score of 7.2 (High) and a CVSS v3.1 score of 8.1 (High). The vulnerability is accessible through network access (AV:N), requires low attack complexity (AC:L), needs low privileges (PR:L), and no user interaction (UI:N). The impact primarily affects integrity and availability with high severity, while confidentiality remains unaffected (Nozomi Advisory).

An authenticated user with limited privileges can issue administrative CLI commands, potentially altering the device configuration and/or affecting its availability. This poses a significant risk to system integrity and operational continuity (Nozomi Advisory).

Organizations should use internal firewall features to limit access to the web management interface and review all accounts with access to it, deleting unnecessary ones. The permanent solution is to upgrade to version 25.2.0 or later (Nozomi Advisory).