Search
Find a vulnerability
Search criteria
12 vulnerabilities found for MantaRay NM by Nokia
CVE-2025-7406 (GCVE-0-2025-7406)
Vulnerability from nvd – Published: 2026-06-30 08:59 – Updated: 2026-06-30 13:31
VLAI
Title
A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM
Summary
Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nokia | MantaRay NM |
Affected:
<NM 25R1-NM
Unaffected: ≥NM 25R1-NM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-7406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T13:31:19.958711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T13:31:51.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MantaRay NM",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "\u003cNM 25R1-NM"
},
{
"status": "unaffected",
"version": "\u2265NM 25R1-NM"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T08:59:58.941Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Product Security Advisory",
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-7406/"
}
],
"title": "A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-7406",
"datePublished": "2026-06-30T08:59:58.941Z",
"dateReserved": "2025-07-10T06:10:12.822Z",
"dateUpdated": "2026-06-30T13:31:51.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24816 (GCVE-0-2025-24816)
Vulnerability from nvd – Published: 2026-06-30 08:58 – Updated: 2026-06-30 13:30
VLAI
Title
An Improper Access Control vulnerability in Nokia MantaRay NM
Summary
Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nokia | MantaRay NM |
Affected:
<25R2-NM
Unaffected: ≥25R2-NM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T13:30:08.532062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T13:30:45.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MantaRay NM",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "\u003c25R2-NM"
},
{
"status": "unaffected",
"version": "\u226525R2-NM"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T11:40:27.463Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Product Security Advisory",
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24816/"
}
],
"title": "An Improper Access Control vulnerability in Nokia MantaRay NM",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24816",
"datePublished": "2026-06-30T08:58:29.484Z",
"dateReserved": "2025-01-24T13:25:43.869Z",
"dateUpdated": "2026-06-30T13:30:45.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24815 (GCVE-0-2025-24815)
Vulnerability from nvd – Published: 2026-06-30 08:55 – Updated: 2026-06-30 13:29
VLAI
Title
An unrestricted file upload vulnerability in Nokia MantaRay NM
Summary
Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nokia | MantaRay NM |
Affected:
<25R2-NM
Unaffected: ≥25R2-NM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T13:28:43.371983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T13:29:34.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MantaRay NM",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "\u003c25R2-NM"
},
{
"status": "unaffected",
"version": "\u226525R2-NM"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T11:40:20.157Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Product Security Advisory",
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24815/"
}
],
"title": "An unrestricted file upload vulnerability in Nokia MantaRay NM",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24815",
"datePublished": "2026-06-30T08:55:42.078Z",
"dateReserved": "2025-01-24T13:25:43.869Z",
"dateUpdated": "2026-06-30T13:29:34.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24819 (GCVE-0-2025-24819)
Vulnerability from nvd – Published: 2026-04-07 15:14 – Updated: 2026-04-07 17:56
VLAI
Title
A Relative Path Traversal vulnerability in Nokia MantaRay NM
Summary
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nokia | MantaRay NM |
Affected:
earlier than 25R1-NM (exclusive)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T17:46:21.365319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T17:56:15.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MantaRay NM",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "earlier than 25R1-NM (exclusive)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T15:14:42.719Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24819/"
}
],
"title": "A Relative Path Traversal vulnerability in Nokia MantaRay NM",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24819",
"datePublished": "2026-04-07T15:14:42.719Z",
"dateReserved": "2025-01-24T13:25:43.870Z",
"dateUpdated": "2026-04-07T17:56:15.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24818 (GCVE-0-2025-24818)
Vulnerability from nvd – Published: 2026-04-07 15:13 – Updated: 2026-04-07 20:11
VLAI
Title
An OS Command Injection vulnerability in Nokia MantaRay NM
Summary
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nokia | MantaRay NM |
Affected:
Earlier than 25R1-NM (exclusive)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T20:11:08.674316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T20:11:29.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MantaRay NM",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "Earlier than 25R1-NM (exclusive)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T15:13:22.492Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24818/"
}
],
"title": "An OS Command Injection vulnerability in Nokia MantaRay NM",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24818",
"datePublished": "2026-04-07T15:13:22.492Z",
"dateReserved": "2025-01-24T13:25:43.870Z",
"dateUpdated": "2026-04-07T20:11:29.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24817 (GCVE-0-2025-24817)
Vulnerability from nvd – Published: 2026-04-07 15:09 – Updated: 2026-04-08 16:15
VLAI
Title
An OS Command Injection vulnerability in Nokia MantaRay NM
Summary
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nokia | MantaRay NM |
Affected:
Earlier than 25R1-NM (exclusive)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T15:47:32.334342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:15:12.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MantaRay NM",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "Earlier than 25R1-NM (exclusive)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T15:09:47.125Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24817/"
}
],
"title": "An OS Command Injection vulnerability in Nokia MantaRay NM",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24817",
"datePublished": "2026-04-07T15:09:47.125Z",
"dateReserved": "2025-01-24T13:25:43.869Z",
"dateUpdated": "2026-04-08T16:15:12.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7406 (GCVE-0-2025-7406)
Vulnerability from cvelistv5 – Published: 2026-06-30 08:59 – Updated: 2026-06-30 13:31
VLAI
Title
A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM
Summary
Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nokia | MantaRay NM |
Affected:
<NM 25R1-NM
Unaffected: ≥NM 25R1-NM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-7406",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T13:31:19.958711Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T13:31:51.576Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MantaRay NM",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "\u003cNM 25R1-NM"
},
{
"status": "unaffected",
"version": "\u2265NM 25R1-NM"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T08:59:58.941Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Product Security Advisory",
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-7406/"
}
],
"title": "A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-7406",
"datePublished": "2026-06-30T08:59:58.941Z",
"dateReserved": "2025-07-10T06:10:12.822Z",
"dateUpdated": "2026-06-30T13:31:51.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24816 (GCVE-0-2025-24816)
Vulnerability from cvelistv5 – Published: 2026-06-30 08:58 – Updated: 2026-06-30 13:30
VLAI
Title
An Improper Access Control vulnerability in Nokia MantaRay NM
Summary
Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nokia | MantaRay NM |
Affected:
<25R2-NM
Unaffected: ≥25R2-NM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24816",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T13:30:08.532062Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T13:30:45.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MantaRay NM",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "\u003c25R2-NM"
},
{
"status": "unaffected",
"version": "\u226525R2-NM"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T11:40:27.463Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Product Security Advisory",
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24816/"
}
],
"title": "An Improper Access Control vulnerability in Nokia MantaRay NM",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24816",
"datePublished": "2026-06-30T08:58:29.484Z",
"dateReserved": "2025-01-24T13:25:43.869Z",
"dateUpdated": "2026-06-30T13:30:45.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24815 (GCVE-0-2025-24815)
Vulnerability from cvelistv5 – Published: 2026-06-30 08:55 – Updated: 2026-06-30 13:29
VLAI
Title
An unrestricted file upload vulnerability in Nokia MantaRay NM
Summary
Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nokia | MantaRay NM |
Affected:
<25R2-NM
Unaffected: ≥25R2-NM |
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24815",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-30T13:28:43.371983Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T13:29:34.489Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "MantaRay NM",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "\u003c25R2-NM"
},
{
"status": "unaffected",
"version": "\u226525R2-NM"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system."
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T11:40:20.157Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"name": "Nokia Product Security Advisory",
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24815/"
}
],
"title": "An unrestricted file upload vulnerability in Nokia MantaRay NM",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24815",
"datePublished": "2026-06-30T08:55:42.078Z",
"dateReserved": "2025-01-24T13:25:43.869Z",
"dateUpdated": "2026-06-30T13:29:34.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24819 (GCVE-0-2025-24819)
Vulnerability from cvelistv5 – Published: 2026-04-07 15:14 – Updated: 2026-04-07 17:56
VLAI
Title
A Relative Path Traversal vulnerability in Nokia MantaRay NM
Summary
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application.
Severity
5.7 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nokia | MantaRay NM |
Affected:
earlier than 25R1-NM (exclusive)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24819",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T17:46:21.365319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T17:56:15.517Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MantaRay NM",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "earlier than 25R1-NM (exclusive)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T15:14:42.719Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24819/"
}
],
"title": "A Relative Path Traversal vulnerability in Nokia MantaRay NM",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24819",
"datePublished": "2026-04-07T15:14:42.719Z",
"dateReserved": "2025-01-24T13:25:43.870Z",
"dateUpdated": "2026-04-07T17:56:15.517Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24818 (GCVE-0-2025-24818)
Vulnerability from cvelistv5 – Published: 2026-04-07 15:13 – Updated: 2026-04-07 20:11
VLAI
Title
An OS Command Injection vulnerability in Nokia MantaRay NM
Summary
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nokia | MantaRay NM |
Affected:
Earlier than 25R1-NM (exclusive)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24818",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T20:11:08.674316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T20:11:29.811Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MantaRay NM",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "Earlier than 25R1-NM (exclusive)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T15:13:22.492Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24818/"
}
],
"title": "An OS Command Injection vulnerability in Nokia MantaRay NM",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24818",
"datePublished": "2026-04-07T15:13:22.492Z",
"dateReserved": "2025-01-24T13:25:43.870Z",
"dateUpdated": "2026-04-07T20:11:29.811Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-24817 (GCVE-0-2025-24817)
Vulnerability from cvelistv5 – Published: 2026-04-07 15:09 – Updated: 2026-04-08 16:15
VLAI
Title
An OS Command Injection vulnerability in Nokia MantaRay NM
Summary
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Nokia | MantaRay NM |
Affected:
Earlier than 25R1-NM (exclusive)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-24817",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T15:47:32.334342Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:15:12.963Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "MantaRay NM",
"vendor": "Nokia",
"versions": [
{
"status": "affected",
"version": "Earlier than 25R1-NM (exclusive)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application."
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T15:09:47.125Z",
"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"shortName": "Nokia"
},
"references": [
{
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24817/"
}
],
"title": "An OS Command Injection vulnerability in Nokia MantaRay NM",
"x_generator": {
"engine": "cveClient/1.0.15"
}
}
},
"cveMetadata": {
"assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"assignerShortName": "Nokia",
"cveId": "CVE-2025-24817",
"datePublished": "2026-04-07T15:09:47.125Z",
"dateReserved": "2025-01-24T13:25:43.869Z",
"dateUpdated": "2026-04-08T16:15:12.963Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}