Executive Summary

CVE-2025-24817 is an OS command injection vulnerability in Nokia MantaRay NM, specifically within the Symptom Collector application.

The vulnerability occurs because the application improperly neutralizes special elements used in OS commands, which allows an attacker to inject and execute arbitrary operating system commands.

An attacker with low privileges and no need for user interaction can exploit this vulnerability remotely over the network.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have a high impact on the affected system's confidentiality, integrity, and availability.

• An attacker can execute arbitrary OS commands remotely, potentially gaining unauthorized access or control.
• It can lead to data breaches, system manipulation, or denial of service.
• Because the attack requires low privileges and no user interaction, it is relatively easy to exploit.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate the OS command injection vulnerability in Nokia MantaRay NM's Symptom Collector application, you should apply the security updates SU1456 if you are running versions 24R2-NM or 24R3-NM.

Alternatively, upgrading to version 25R1-NM or later, which includes the fixes for this vulnerability, is recommended.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows remote attackers with low privileges to execute arbitrary OS commands, resulting in high impact on confidentiality, integrity, and availability of the affected system.

Such impacts on confidentiality and integrity could potentially lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

However, the provided information does not explicitly state the direct effects on compliance with these standards.

Useful 0 Not Useful 0