CVE-2025-24819
Relative Path Traversal in Nokia MantaRay Software Manager
Publication date: 2026-04-07
Last updated on: 2026-04-22
Assigner: Nokia
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nokia | mantaray_nm | to 25r1-nm (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-23 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-24819 is a Relative Path Traversal vulnerability in Nokia MantaRay NM's Software Manager application. It occurs because the application improperly validates an input parameter related to the file system.
This flaw allows an attacker with low privileges and network access to potentially access unauthorized files by manipulating the file path.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to sensitive files, impacting the confidentiality of data.
According to the CVSS score, it has a moderate severity with a high confidentiality impact but does not affect integrity or availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate the Relative Path Traversal vulnerability in Nokia MantaRay NM's Software Manager application, you should upgrade all affected versions to version 25R1-NM or later, where the issue has been fixed.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows an attacker with low privileges and network access to potentially access unauthorized files, which poses a high confidentiality impact. This unauthorized access to sensitive data could lead to non-compliance with data protection regulations such as GDPR and HIPAA, which require strict controls to protect personal and sensitive information from unauthorized access.
However, the provided information does not explicitly mention compliance impacts or specific regulatory considerations.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect the presence of the CVE-2025-24819 vulnerability on your system, you should first identify if you are running Nokia MantaRay NM Software Manager application versions prior to 25R1-NM, as these are affected.
Since the vulnerability involves a Relative Path Traversal due to improper input validation, detection can involve checking for unusual or unauthorized file access attempts through the Software Manager application.
Specific commands to detect exploitation attempts or vulnerable versions are not provided in the available resources. However, general approaches include:
- Checking the installed version of Nokia MantaRay NM to confirm if it is older than 25R1-NM.
- Monitoring logs for suspicious file path requests or access patterns that include relative path traversal sequences such as "../".
- Using network monitoring tools to detect anomalous requests targeting the Software Manager application.
For example, to check the version, you might use commands specific to your system environment or the Nokia MantaRay NM management interface. To monitor logs, commands like 'grep "../" /path/to/software_manager/logs' on Linux systems could help identify suspicious path traversal attempts.