CVE-2025-65885 - Vulnerability Details

An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), Nokia 700 (Delight v1.2), Nokia 701 (Delight v1.1), Nokia 603 (Delight v1.0), Nokia 500 (Delight v1.2), Nokia E6 (Delight v1.0), Nokia Oro (Delight v1.0), and Vertu Constellation T (Delight v1.0) allowing local attackers to inject startup scripts via crafted .txt files in the :\Data directory.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Nokia Subscribe	500 Subscribe 603 Subscribe 700 Subscribe 701 Subscribe 808 Pureview Subscribe C6-01 Subscribe C7 Subscribe E6 Subscribe E7 Subscribe N8 Subscribe Oro Subscribe Symbian Subscribe Symbian Os Subscribe Vertu Constellation T Subscribe
Symwld Subscribe	Delight Custom Firmware Subscribe

Configuration 1 [-]

AND

cpe:2.3:o:symwld:delight_custom_firmware:1.8:*:*:*:*:*:*:*

cpe:2.3:h:nokia:808_pureview:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:symwld:delight_custom_firmware:6.7:*:*:*:*:*:*:*

OR	cpe:2.3:h:nokia:c7:-:::::::*
	cpe:2.3:h:nokia:n8:-:::::::*

Configuration 3 [-]

AND

cpe:2.3:o:symwld:delight_custom_firmware:1.3:*:*:*:*:*:*:*

cpe:2.3:h:nokia:e7:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:symwld:delight_custom_firmware:1.1:*:*:*:*:*:*:*

OR	cpe:2.3:h:nokia:701:-:::::::*
	cpe:2.3:h:nokia:c6-01:-:::::::*

Configuration 5 [-]

AND

cpe:2.3:o:symwld:delight_custom_firmware:1.2:*:*:*:*:*:*:*

OR	cpe:2.3:h:nokia:500:-:::::::*
	cpe:2.3:h:nokia:700:-:::::::*

Configuration 6 [-]

AND

cpe:2.3:o:symwld:delight_custom_firmware:1.0:*:*:*:*:*:*:*

OR	cpe:2.3:h:nokia:603:-:::::::*
	cpe:2.3:h:nokia:e6:-:::::::*
	cpe:2.3:h:nokia:oro:-:::::::*
	cpe:2.3:h:nokia:vertu_constellation_t:-:::::::*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Nokia Subscribe	Symbian Subscribe Symbian Os Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://gist.github.com/symbuzzer/3315e88adc2bba0b6cc66d192b49546d
https://www.symwld.com/delight/

History

Fri, 09 Jan 2026 21:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nokia 500 Nokia 603 Nokia 700 Nokia 701 Nokia 808 Pureview Nokia c6-01 Nokia c7 Nokia e6 Nokia e7 Nokia n8 Nokia oro Nokia vertu Constellation T Symwld Symwld delight Custom Firmware
CPEs		cpe:2.3:h:nokia:500:-:::::::* cpe:2.3:h:nokia:603:-:::::::* cpe:2.3:h:nokia:700:-:::::::* cpe:2.3:h:nokia:701:-:::::::* cpe:2.3:h:nokia:808_pureview:-:::::::* cpe:2.3:h:nokia:c6-01:-:::::::* cpe:2.3:h:nokia:c7:-:::::::* cpe:2.3:h:nokia:e6:-:::::::* cpe:2.3:h:nokia:e7:-:::::::* cpe:2.3:h:nokia:n8:-:::::::* cpe:2.3:h:nokia:oro:-:::::::* cpe:2.3:h:nokia:vertu_constellation_t:-:::::::* cpe:2.3:o:symwld:delight_custom_firmware:1.0:::::::* cpe:2.3:o:symwld:delight_custom_firmware:1.1:::::::* cpe:2.3:o:symwld:delight_custom_firmware:1.2:::::::* cpe:2.3:o:symwld:delight_custom_firmware:1.3:::::::* cpe:2.3:o:symwld:delight_custom_firmware:1.8:::::::* cpe:2.3:o:symwld:delight_custom_firmware:6.7:::::::*
Vendors & Products		Nokia 500 Nokia 603 Nokia 700 Nokia 701 Nokia 808 Pureview Nokia c6-01 Nokia c7 Nokia e6 Nokia e7 Nokia n8 Nokia oro Nokia vertu Constellation T Symwld Symwld delight Custom Firmware

Mon, 29 Dec 2025 23:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nokia Nokia symbian Nokia symbian Os
Vendors & Products		Nokia Nokia symbian Nokia symbian Os

Fri, 26 Dec 2025 17:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-77
Metrics		cvssV3_1 `{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 26 Dec 2025 14:45:00 +0000

Type	Values Removed	Values Added
Description		An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), Nokia 700 (Delight v1.2), Nokia 701 (Delight v1.1), Nokia 603 (Delight v1.0), Nokia 500 (Delight v1.2), Nokia E6 (Delight v1.0), Nokia Oro (Delight v1.0), and Vertu Constellation T (Delight v1.0) allowing local attackers to inject startup scripts via crafted .txt files in the :\Data directory.
References		https://gist.github.com/symbuzzer/3315e88adc2bba0b6cc66d192b49546d https://www.symwld.com/delight/

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-12-26T00:00:00.000Z

Updated: 2025-12-26T16:33:11.632Z

Reserved: 2025-11-18T00:00:00.000Z

Link: CVE-2025-65885

Vulnrichment

Updated: 2025-12-26T16:33:07.184Z

NVD

Status : Analyzed

Published: 2025-12-26T15:15:47.357

Modified: 2026-01-09T20:55:05.000

Link: CVE-2025-65885

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-12-29T23:04:11Z

Weaknesses

CWE-77

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object