Plattform
linux
Komponente
mantaray-nm
Behoben in
25.0.1
A Path Traversal vulnerability exists in Nokia MantaRay NM versions 1.0.0 and earlier (exclusive of 25R1-NM). This flaw stems from insufficient validation of input parameters within the Software Manager application, allowing attackers to potentially access sensitive files on the system. The vulnerability was published on 2026-04-07 and a fix is available in version 25R1-NM.
Successful exploitation of CVE-2025-24819 could allow an attacker to read sensitive configuration files, source code, or other critical data stored on the affected system. Depending on the permissions of the Software Manager application, an attacker might be able to modify or even delete files, leading to system instability or data loss. The blast radius is limited to the file system accessible by the application, but the potential for data compromise is significant. There are no known real-world exploits, but the path traversal nature of the vulnerability makes it a serious concern.
CVE-2025-24819 was published on 2026-04-07. Its severity is pending evaluation. No public proof-of-concept exploits are currently known. It is not listed on KEV or EPSS. Organizations should prioritize patching to address this potential risk.
Organizations utilizing Nokia MantaRay NM in their network infrastructure, particularly those running versions prior to 25R1-NM, are at risk. This includes deployments where the Software Manager application is exposed to external networks or untrusted users. Shared hosting environments running MantaRay NM are also particularly vulnerable.
• linux / server:
journalctl -u manta-ray-nm | grep -i "path traversal"• linux / server:
lsof | grep /opt/manta-ray/software_manager/ # Check for unusual file accessdisclosure
Exploit-Status
EPSS
0.03% (8% Perzentil)
The primary mitigation for CVE-2025-24819 is to upgrade Nokia MantaRay NM to version 25R1-NM or later. If an immediate upgrade is not possible, restrict access to the Software Manager application and implement strict input validation on all file system paths. Consider using a Web Application Firewall (WAF) to filter out malicious requests. Monitor system logs for unusual file access patterns. No specific Sigma or YARA rules are currently available.
Actualice Nokia MantaRay NM a una versión posterior a 25R1-NM para mitigar la vulnerabilidad de recorrido de ruta relativa. Consulte la advisory de seguridad de Nokia para obtener más detalles e instrucciones de actualización específicas.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2025-24819 is a vulnerability in Nokia MantaRay NM allowing attackers to potentially access unauthorized files due to improper input validation in the Software Manager application.
You are affected if you are running Nokia MantaRay NM versions 1.0.0 and earlier (exclusive of 25R1-NM).
Upgrade to Nokia MantaRay NM version 25R1-NM or later to remediate the vulnerability.
There are currently no confirmed reports of active exploitation, but it is likely attackers will attempt to exploit this flaw once it becomes widely known.
Refer to the Nokia Security Bulletin for details and updates regarding CVE-2025-24819.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.