Platform
linux
Component
mantaray-nm
Fixed in
25.0.1
A Path Traversal vulnerability exists in Nokia MantaRay NM versions 1.0.0 and earlier (exclusive of 25R1-NM). This flaw stems from insufficient validation of input parameters within the Software Manager application, allowing attackers to potentially access sensitive files on the system. The vulnerability was published on 2026-04-07 and a fix is available in version 25R1-NM.
Successful exploitation of CVE-2025-24819 could allow an attacker to read arbitrary files on the system where MantaRay NM is installed. This includes configuration files, logs, and potentially even sensitive data stored on the file system. The extent of the impact depends on the permissions of the user account running the Software Manager application. A malicious actor could leverage this to gain a deeper understanding of the network infrastructure, extract credentials, or even execute arbitrary code if they can find and exploit files containing executable content. While no immediate precedent exists for this specific vulnerability, path traversal flaws are frequently exploited to gain unauthorized access to system resources.
CVE-2025-24819 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet available. Given the nature of path traversal vulnerabilities, it is likely that attackers will attempt to exploit this flaw once it becomes widely known. The NVD was published on 2026-04-07.
Exploit Status
EPSS
0.03% (8% percentile)
The primary mitigation for CVE-2025-24819 is to upgrade Nokia MantaRay NM to version 25R1-NM or later. If an immediate upgrade is not feasible, consider implementing stricter access controls on the file system to limit the potential impact of a successful exploit. Network segmentation can also help contain the blast radius. While a WAF might not directly prevent this vulnerability, it could be configured to monitor for suspicious file access attempts. There are no specific Sigma or YARA rules available at this time.
Update Nokia MantaRay NM to a version later than 25R1-NM to mitigate the relative path traversal vulnerability. Refer to the Nokia security advisory for more details and specific upgrade instructions.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2025-24819 is a vulnerability in Nokia MantaRay NM allowing attackers to potentially access unauthorized files due to improper input validation in the Software Manager application.
You are affected if you are running Nokia MantaRay NM versions 1.0.0 and earlier (exclusive of 25R1-NM).
Upgrade to Nokia MantaRay NM version 25R1-NM or later to remediate the vulnerability.
There are currently no confirmed reports of active exploitation, but it is likely attackers will attempt to exploit this flaw once it becomes widely known.
Refer to the Nokia Security Bulletin for details and updates regarding CVE-2025-24819.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.