CVE-2025-24819
Received Received - Intake
Relative Path Traversal in Nokia MantaRay Software Manager

Publication date: 2026-04-07

Last updated on: 2026-04-22

Assigner: Nokia

Description
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability due to improper validation of input parameter on the file system in Software Manager application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-22
Generated
2026-06-16
AI Q&A
2026-04-07
EPSS Evaluated
2026-06-15
NVD
CVE-2025-24819
EUVD
EUVD-2025-209265
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nokia mantaray_nm to 25r1-nm (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-24819 is a Relative Path Traversal vulnerability in Nokia MantaRay NM's Software Manager application. It occurs because the application improperly validates an input parameter related to the file system.

This flaw allows an attacker with low privileges and network access to potentially access unauthorized files by manipulating the file path.

Compliance Impact

The vulnerability allows an attacker with low privileges and network access to potentially access unauthorized files, which poses a high confidentiality impact. This unauthorized access to sensitive data could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls to protect personal and sensitive information from unauthorized access.

However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.

Detection Guidance

To detect the presence of the CVE-2025-24819 vulnerability on your system, you should first identify if you are running Nokia MantaRay NM Software Manager application versions prior to 25R1-NM, as these are affected.

Since the vulnerability involves a Relative Path Traversal due to improper input validation, detection can involve checking for unusual or unauthorized file access attempts through the Software Manager application.

Specific commands to detect exploitation attempts or vulnerable versions are not provided in the available resources. However, general approaches include:

  • Checking the installed version of Nokia MantaRay NM to confirm if it is older than 25R1-NM.
  • Monitoring logs for suspicious file path requests or access patterns that include relative path traversal sequences such as "../".
  • Using network monitoring tools to detect anomalous requests targeting the Software Manager application.

For example, to check the version, you might use commands specific to your system environment or the Nokia MantaRay NM management interface. To monitor logs, commands like 'grep "../" /path/to/software_manager/logs' on Linux systems could help identify suspicious path traversal attempts.

Impact Analysis

The vulnerability can lead to unauthorized access to sensitive files, impacting the confidentiality of data.

According to the CVSS score, it has a moderate severity with a high confidentiality impact but does not affect integrity or availability.

Mitigation Strategies

To mitigate the Relative Path Traversal vulnerability in Nokia MantaRay NM's Software Manager application, you should upgrade all affected versions to version 25R1-NM or later, where the issue has been fixed.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-24819. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart