CVE-2025-24817
OS Command Injection in Nokia MantaRay Symptom Collector
Publication date: 2026-04-07
Last updated on: 2026-04-22
Assigner: Nokia
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nokia | mantaray_nm | to 25r1-nm (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows remote attackers with low privileges to execute arbitrary OS commands, resulting in high impact on confidentiality, integrity, and availability of the affected system.
Such impacts on confidentiality and integrity could potentially lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.
However, the provided information does not explicitly state the direct effects on compliance with these standards.
Can you explain this vulnerability to me?
CVE-2025-24817 is an OS command injection vulnerability in Nokia MantaRay NM, specifically within the Symptom Collector application.
The vulnerability occurs because the application improperly neutralizes special elements used in OS commands, which allows an attacker to inject and execute arbitrary operating system commands.
An attacker with low privileges and no need for user interaction can exploit this vulnerability remotely over the network.
How can this vulnerability impact me? :
This vulnerability can have a high impact on the affected system's confidentiality, integrity, and availability.
- An attacker can execute arbitrary OS commands remotely, potentially gaining unauthorized access or control.
- It can lead to data breaches, system manipulation, or denial of service.
- Because the attack requires low privileges and no user interaction, it is relatively easy to exploit.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the OS command injection vulnerability in Nokia MantaRay NM's Symptom Collector application, you should apply the security updates SU1456 if you are running versions 24R2-NM or 24R3-NM.
Alternatively, upgrading to version 25R1-NM or later, which includes the fixes for this vulnerability, is recommended.