Platform: linux
Component: mantaray-nm
Fixed in: 25.0.1
CVE-2025-24817 is a command injection vulnerability in the Nokia MantaRay NM network management system. The flaw allows an attacker to execute arbitrary operating system commands on the affected system, potentially leading to unauthorized access and control. The vulnerability affects versions 1.0.0 and all versions prior to 25R1-NM (exclusive). A patch is available in version 25R1-NM.
The impact of CVE-2025-24817 is significant, as it allows an attacker to execute arbitrary OS commands on the affected Nokia MantaRay NM system. This could lead to complete system compromise, allowing the attacker to steal sensitive data, modify configurations, install malware, or use the system as a launchpad for further attacks within the network. The blast radius extends to all data and resources accessible by the MantaRay NM system. Given the role of network management systems, a successful compromise could disrupt network operations and impact numerous users and services. This vulnerability highlights the importance of proper input validation and output encoding in network management applications.
CVE-2025-24817 was published on 2026-04-07. Currently, there are no publicly available proof-of-concept (PoC) exploits. The CVSS score is pending evaluation. It is not currently listed on CISA KEV or EPSS, suggesting a low probability of active exploitation at this time. Monitor security advisories and threat intelligence feeds for any updates regarding exploitation attempts.
Exploit status
EPSS: 0.11% (29th percentile)
The primary mitigation for CVE-2025-24817 is to upgrade to version 25R1-NM or later. Before upgrading, review the Nokia release notes for any potential compatibility issues or breaking changes. Consider performing a test upgrade in a non-production environment first. As a temporary workaround, restrict access to the Symptom Collector application and implement strict input validation to prevent malicious commands from being executed. Monitor system logs for suspicious activity related to command execution. Implement a Web Application Firewall (WAF) to filter out potentially malicious requests targeting the Symptom Collector application. After the upgrade, confirm the vulnerability has been resolved by attempting to reproduce the exploit in a controlled environment.
Upgrade Nokia MantaRay NM to a version later than 25R1-NM to mitigate the operating system command injection vulnerability. Consult the Nokia security advisory for detailed instructions and the specific fixed version.
It's an OS command injection vulnerability in Nokia MantaRay NM.
Upgrade to version 25R1-NM as soon as possible.
It's a Knowledge Engineering Vector, indicating that severity and impact are being evaluated.
Review system logs for suspicious activity.
Implement strict access controls and monitor network activity.