Platform
linux
Component
mantaray-nm
Fixed version
25.0.1
A Path Traversal vulnerability exists in Nokia MantaRay NM versions 1.0.0 and earlier (exclusive of 25R1-NM). This flaw stems from insufficient validation of input parameters within the Software Manager application, allowing attackers to potentially access sensitive files on the system. The vulnerability was published on 2026-04-07 and a fix is available in version 25R1-NM.
Successful exploitation of CVE-2025-24819 could allow an attacker to read arbitrary files on the system where MantaRay NM is installed. This includes configuration files, logs, and potentially even sensitive data stored on the file system. The extent of the impact depends on the permissions of the user account running the Software Manager application. A malicious actor could leverage this to gain a deeper understanding of the network infrastructure, extract credentials, or even execute arbitrary code if they can find and exploit files containing executable content. While no immediate precedent exists for this specific vulnerability, path traversal flaws are frequently exploited to gain unauthorized access to system resources.
CVE-2025-24819 is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not yet available. Given the nature of path traversal vulnerabilities, it is likely that attackers will attempt to exploit this flaw once it becomes widely known. The NVD entry was published on 2026-04-07.
Organizations utilizing Nokia MantaRay NM in their network infrastructure, particularly those running versions prior to 25R1-NM, are at risk. This includes deployments where the Software Manager application is exposed to external networks or untrusted users. Shared hosting environments running MantaRay NM are also particularly vulnerable.
• linux / server:
journalctl -u manta-ray-nm | grep -i "path traversal"
• linux / server:
lsof | grep /opt/manta-ray/software_manager/ # Check for unusual file access
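The journalctl filter above matches only when the service itself writes the phrase "path traversal" to its log. As an added example (not Nokia's code and not part of the original page), the script below instead flags log lines whose logged parameters contain a `..` path segment, including percent-encoded and backslash forms. The log line layout, the `/example?name=` requests and all function names are assumptions constructed for illustration; the product's real log format is not given on this page.

```python
import re
import sys
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double or triple percent-encoding

def normalize(text: str) -> str:
    """Percent-decode repeatedly and unify separators so encoded forms collapse to '../'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text.replace("\\", "/")

# A '..' path segment: preceded by a separator, '=', whitespace, quote or line start,
# and followed by a separator, delimiter or line end. '1..final' does not qualify.
TRAVERSAL = re.compile(r"""(?:^|[/=\s"'])\.\.(?:/|$|[\s"'&?])""")

def is_traversal(line: str) -> bool:
    return bool(TRAVERSAL.search(normalize(line)))

def scan(lines):
    """Return (line_number, line) for every line that contains a traversal segment."""
    return [(n, l.rstrip("\n")) for n, l in enumerate(lines, 1) if is_traversal(l)]

# Constructed sample lines (hypothetical format and endpoint, not real product logs).
SAMPLE = [
    'GET /example?name=release-notes.txt 200',
    'GET /example?name=../../../../etc/passwd 200',
    'GET /example?name=%2e%2e%2f%2e%2e%2fetc%2fshadow 403',
    'GET /example?name=..%252f..%252fetc%252fhosts 200',
    'GET /example?name=..\\..\\conf\\app.properties 200',
    'INFO package version 25.0.1..final installed',
]

if __name__ == "__main__":
    # Read piped log lines from stdin; fall back to the constructed sample on a terminal.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE
    for number, line in scan(source):
        print(f"{number}: {line}")
```

To run it over live logs, pipe the output of `journalctl -u manta-ray-nm` into the script on stdin. Hits are leads for review, since the status code alone does not show whether a file was actually returned.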
Exploit status
EPSS
0.03% (8th percentile)
The primary mitigation for CVE-2025-24819 is to upgrade Nokia MantaRay NM to version 25R1-NM or later. If an immediate upgrade is not feasible, consider implementing stricter access controls on the file system to limit the potential impact of a successful exploit. Network segmentation can also help contain the blast radius. While a WAF might not directly prevent this vulnerability, it could be configured to monitor for suspicious file access attempts. There are no specific Sigma or YARA rules available at this time.
Upgrade Nokia MantaRay NM to a version later than 25R1-NM to mitigate the relative path traversal vulnerability. See the Nokia security advisory for more details and specific upgrade instructions.
CVE-2025-24819 is a vulnerability in Nokia MantaRay NM allowing attackers to potentially access unauthorized files due to improper input validation in the Software Manager application.
You are affected if you are running Nokia MantaRay NM versions 1.0.0 and earlier (exclusive of 25R1-NM).
Upgrade to Nokia MantaRay NM version 25R1-NM or later to remediate the vulnerability.
There are currently no confirmed reports of active exploitation, but it is likely attackers will attempt to exploit this flaw once it becomes widely known.
Refer to the Nokia Security Bulletin for details and updates regarding CVE-2025-24819.