CVE-2025-24818
OS Command Injection in Nokia MantaRay Log Search Application
Publication date: 2026-04-07
Last updated on: 2026-04-22
Assigner: Nokia
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nokia | mantaray_nm | to 25r1-nm (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-24818 is an OS command injection vulnerability found in Nokia MantaRay NM, specifically within the Log Search application.
This vulnerability arises due to improper neutralization of special characters used in OS commands, allowing an attacker to execute arbitrary commands on the affected system.
It affects all MantaRay NM versions earlier than 25R1-NM (exclusive).
How can this vulnerability impact me?
An attacker exploiting this vulnerability can execute arbitrary OS commands on the affected system.
The CVSS 3.1 base score is 8.0, indicating a high severity with impacts on confidentiality, integrity, and availability.
- Confidentiality: High impact, meaning sensitive information could be exposed.
- Integrity: High impact, meaning data could be altered or corrupted.
- Availability: High impact, meaning the system or service could be disrupted or made unavailable.
The attack requires adjacent network access and low privileges, has low attack complexity, and needs no user interaction.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the OS command injection vulnerability in the Nokia MantaRay NM Log Search application, apply the security updates provided by Nokia.
- Install MantaRay NM Security Update SU1456 if you are running versions 24R2-NM or 24R3-NM.
- Upgrade to version 25R1-NM or later, where the vulnerability has been fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows an attacker to execute arbitrary OS commands on the affected Nokia MantaRay NM system, leading to high impacts on confidentiality, integrity, and availability of data.
Such impacts can potentially lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and system integrity.
However, the provided information does not explicitly state the direct effects on compliance or specific regulatory implications.