Platform: linux
Component: mantaray-nm
Fixed in: 25.0.1
A Command Injection vulnerability (CVE-2025-24818) has been identified in Nokia MantaRay NM versions prior to 25R1-NM. It stems from improper handling of special characters in OS commands in the Log Search application, potentially allowing attackers to execute arbitrary commands on the system. Affected versions include 1.0.0 and earlier. Applying the provided patch, version 25R1-NM, resolves this issue.
Successful exploitation of CVE-2025-24818 could grant an attacker complete control over the affected Nokia MantaRay NM system. An attacker could leverage this to execute arbitrary commands, potentially leading to data exfiltration, system compromise, and disruption of network services. The Log Search application's vulnerability provides a direct pathway for command execution, bypassing standard security controls if not properly addressed. The blast radius extends to any data accessible by the MantaRay NM system, including sensitive network configurations and logs.
The vulnerability was publicly disclosed on 2026-04-07. Exploitation context is currently unknown; no public proof-of-concept exploits have been identified. The vulnerability is not currently listed on the CISA KEV catalog. The potential for exploitation depends on the accessibility of the Log Search application and the presence of vulnerable versions of Nokia MantaRay NM in deployed environments.
Exploit Status
EPSS: 0.11% (29th percentile)
The primary mitigation for CVE-2025-24818 is to upgrade Nokia MantaRay NM to version 25R1-NM or later. If immediate upgrade is not feasible, consider implementing strict input validation on all user-supplied data used in OS commands within the Log Search application. Employing a Web Application Firewall (WAF) with command injection rules can provide an additional layer of defense. Carefully review and restrict user permissions within the Log Search application to limit the potential impact of a successful attack. After upgrade, confirm the vulnerability is resolved by attempting a command injection payload through the Log Search application and verifying that it is properly sanitized.
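The input-validation mitigation above, sketched as an added example; this is not Nokia's code, and the page does not describe how Log Search builds its commands. The names `validate_term` and `search_log`, the allow-list, the use of `grep`, and the sample log lines are all assumptions made for illustration.

```python
import os
import re
import subprocess
import tempfile

# Assumed policy: short terms drawn from a conservative allow-list.
_ALLOWED_TERM = re.compile(r"[A-Za-z0-9 _.:@/=-]{1,128}")


def validate_term(term: str) -> str:
    """Reject input outside the allow-list rather than trying to escape it."""
    if not isinstance(term, str) or not _ALLOWED_TERM.fullmatch(term):
        raise ValueError("search term contains characters outside the allow-list")
    return term


def search_log(log_path: str, term: str) -> list[str]:
    """Return matching lines; the term is one argv element, never shell text."""
    term = validate_term(term)
    # -F: fixed string, not a regex. "--": ends option parsing, so a term
    # that starts with "-" is still treated as the pattern.
    proc = subprocess.run(
        ["grep", "-F", "--", term, log_path],
        capture_output=True, text=True, timeout=10, check=False,
    )
    if proc.returncode not in (0, 1):  # grep: 0 match, 1 no match, >1 error
        raise RuntimeError(proc.stderr.strip())
    return proc.stdout.splitlines()


def demo() -> dict:
    """Exercise the wrapper with constructed input and a constructed log."""
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as fh:
        fh.write("2025-01-01 login ok user=alice\n"
                 "2025-01-01 login failed user=bob\n")
        path = fh.name
    try:
        results = {"benign": search_log(path, "user=alice"),
                   "leading-dash": search_log(path, "-e")}
        for hostile in ("alice; id", "$(id)", "a`id`", "a | id", "a\nb"):
            try:
                search_log(path, hostile)
                results[hostile] = "accepted"
            except ValueError:
                results[hostile] = "rejected"
    finally:
        os.unlink(path)
    return results
```

Validation and the argument list are independent layers: even if the allow-list were loosened, no shell parses the term, so metacharacters would reach `grep` as literal text.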
Update Nokia MantaRay NM to a version later than 25R1-NM to mitigate the OS command injection vulnerability. Refer to the Nokia security advisory for detailed instructions and the specific patched version.
CVE-2025-24818 is a Command Injection vulnerability affecting Nokia MantaRay NM versions prior to 25R1-NM. It allows attackers to execute arbitrary OS commands through the Log Search application.
You are affected if you are running Nokia MantaRay NM version 1.0.0 or earlier. Upgrade to version 25R1-NM or later to mitigate the risk.
The recommended fix is to upgrade to Nokia MantaRay NM version 25R1-NM or later. Input validation and WAF rules can provide temporary mitigation.
Currently, there are no confirmed reports of active exploitation of CVE-2025-24818. However, the vulnerability is publicly known and could be targeted.
Refer to the official Nokia security advisory for detailed information and updates regarding CVE-2025-24818. Check the Nokia Security Bulletin website for the latest information.