CVE-2025-24818
Received Received - Intake
OS Command Injection in Nokia MantaRay Log Search Application

Publication date: 2026-04-07

Last updated on: 2026-04-22

Assigner: Nokia

Description
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-22
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-24818
EUVD
EUVD-2025-209264
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nokia mantaray_nm to 25r1-nm (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-77 The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-24818 is an OS command injection vulnerability found in Nokia MantaRay NM, specifically within the Log Search application.

This vulnerability arises due to improper neutralization of special characters used in OS commands, allowing an attacker to execute arbitrary commands on the affected system.

It affects all MantaRay NM versions earlier than 25R1-NM (exclusive).

Compliance Impact

The vulnerability allows an attacker to execute arbitrary OS commands on the affected Nokia MantaRay NM system, leading to high impacts on confidentiality, integrity, and availability of data.

Such impacts can potentially lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.

However, the provided information does not explicitly state the direct effects on compliance or specific regulatory implications.

Impact Analysis

An attacker exploiting this vulnerability can execute arbitrary OS commands on the affected system.

The CVSS 3.1 base score is 8.0, indicating a high severity with impacts on confidentiality, integrity, and availability.

  • Confidentiality: High impact, meaning sensitive information could be exposed.
  • Integrity: High impact, meaning data could be altered or corrupted.
  • Availability: High impact, meaning the system or service could be disrupted or made unavailable.

The attack requires adjacent network access, low attack complexity, and low privileges, with no user interaction needed.

Mitigation Strategies

To mitigate the OS command injection vulnerability in Nokia MantaRay NM Log Search application, you should apply the security updates provided by Nokia.

  • Install MantaRay NM Security Update SU1456 if you are running versions 24R2-NM or 24R3-NM.
  • Upgrade to version 25R1-NM or later, where the vulnerability has been fixed.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-24818. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart