Platform: linux
Component: mantaray-nm
Fixed in: 25.0.1
A Command Injection vulnerability (CVE-2025-24818) has been identified in Nokia MantaRay NM versions prior to 25R1-NM. This vulnerability stems from improper handling of special characters in OS commands within the Log Search application, potentially allowing attackers to execute arbitrary commands on the system. Affected versions include 1.0.0 and earlier. Applying the provided patch, version 25R1-NM, resolves this issue.
Successful exploitation of CVE-2025-24818 grants an attacker the ability to execute arbitrary commands with the privileges of the affected process. This could involve gaining persistent access to the system, exfiltrating sensitive data, modifying system configurations, or even pivoting to other systems on the network. The blast radius extends to any data accessible by the compromised process, and the potential for lateral movement is significant if the process has elevated privileges. While no specific real-world exploits have been publicly disclosed, the command injection nature of the vulnerability makes it a high-risk concern.
CVE-2025-24818 was published on 2026-04-07. Its severity is pending evaluation. No public proof-of-concept exploits are currently known. It is not listed on KEV or EPSS. Organizations should prioritize patching to address this potential risk.
Organizations utilizing Nokia MantaRay NM in their network management infrastructure are at risk, particularly those running versions 1.0.0 and earlier. Environments where the Log Search application is exposed to external users or untrusted networks face a heightened risk of exploitation. Shared hosting environments utilizing vulnerable MantaRay NM instances are also particularly susceptible.
• linux / server:
journalctl -u manta-ray-nm | grep -i "command injection"
• linux / server:
ps aux | grep -i "log search" | grep -i "command injection"
• generic web:
Use curl or wget to test the Log Search endpoint with potentially malicious input (e.g., ; ls -l). Monitor access logs for suspicious requests containing command injection attempts.
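The access-log monitoring mentioned above, sketched as an added example (not code from Nokia or from this page): it flags shell metacharacters in query parameters sent to the Log Search endpoint, undoing repeated percent-encoding first. The path `/logsearch`, the parameter name `q`, the metacharacter set and the log lines are constructed assumptions, since the page does not give the real endpoint.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Assumption: hypothetical path; substitute the Log Search path of your deployment.
LOG_SEARCH_PATH = "/logsearch"
# Assumption: characters a plain search term should not need; tune per deployment.
SHELL_META = re.compile(r"[;|&`<>\n\r]|\$\(|\$\{")
# Combined log format: client ... "METHOD target HTTP/x.y" status
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|PUT) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation addresses, made-up requests).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2026:10:00:00 +0000] "GET /logsearch?q=link+down HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2026:10:00:05 +0000] "GET /logsearch?q=error%3B+ls+-l HTTP/1.1" 200 87',
    '198.51.100.9 - - [01/Jan/2026:10:00:09 +0000] "GET /logsearch?q=error%253B+ls+-l HTTP/1.1" 500 0',
    '198.51.100.7 - - [01/Jan/2026:10:00:12 +0000] "GET /status?q=a%3Bb HTTP/1.1" 200 10',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (%253B -> %3B -> ;), bounded by max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client, parameter, decoded value, status) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        parts = urlsplit(target)
        if not parts.path.startswith(LOG_SEARCH_PATH):
            continue  # only the Log Search endpoint is of interest here
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            decoded = fully_decode(value)  # parse_qsl already decoded once
            if SHELL_META.search(decoded):
                hits.append((client, name, decoded, status))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit)
```

Access logs normally record only the request line, so parameters sent in a POST body are not visible to this check and need application or proxy logging instead.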
EPSS: 0.11% (29th percentile)
The primary mitigation for CVE-2025-24818 is to upgrade Nokia MantaRay NM to version 25R1-NM or later. If an immediate upgrade is not feasible, consider implementing temporary workarounds such as restricting access to the Log Search application and carefully reviewing all input parameters. Network segmentation can also limit the potential impact of a successful exploit. Monitor system logs for suspicious activity related to command execution. There are no specific Sigma or YARA rules available at this time, but monitoring for unusual process execution patterns is recommended.
Upgrade Nokia MantaRay NM to a version later than 25R1-NM to mitigate the OS command injection vulnerability. Consult the Nokia security advisory for detailed instructions and the specific fixed version.
CVE-2025-24818 is a Command Injection vulnerability affecting Nokia MantaRay NM versions prior to 25R1-NM. It allows attackers to execute arbitrary OS commands through the Log Search application.
You are affected if you are running Nokia MantaRay NM version 1.0.0 or earlier. Upgrade to version 25R1-NM or later to mitigate the risk.
The recommended fix is to upgrade to Nokia MantaRay NM version 25R1-NM or later. Input validation and WAF rules can provide temporary mitigation.
Currently, there are no confirmed reports of active exploitation of CVE-2025-24818. However, the vulnerability is publicly known and could be targeted.
Refer to the official Nokia security advisory for detailed information and updates regarding CVE-2025-24818. Check the Nokia Security Bulletin website for the latest information.