CVE-2025-7406
Received Received - Intake

Sudo Privilege Escalation in Nokia MantaRay NM

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: Nokia

Description
Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-30
Last Modified
2026-06-30
Generated
2026-06-30
AI Q&A
2026-06-30
EPSS Evaluated
N/A
NVD
CVE-2025-7406
EUVD
EUVD-2025-210371

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nokia mantaray_nm to 25R2-NM (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-7406 is a sudo privilege escalation vulnerability in Nokia MantaRay NM software. It allows a local attacker who already has administrative (local admin) privileges to escalate their access to full root privileges on the host system.

Successful exploitation of this vulnerability grants the attacker root-level access to the filesystem and the ability to execute actions as the root user.

Affected versions include MantaRay NM 25R1-NM and earlier, and a fix is available in MantaRay NM 25R2-NM and later releases.

Impact Analysis

This vulnerability can have a significant impact because it allows an attacker with local administrative privileges to gain full root access on the affected system.

  • Root-level access enables the attacker to fully control the filesystem.
  • The attacker can execute any commands or actions as the root user, potentially compromising system integrity and security.
  • This could lead to unauthorized changes, data breaches, or disruption of services.

A temporary mitigation is to restrict the set of commands permitted via sudo for affected accounts until a patch is applied.

Detection Guidance

This vulnerability affects Nokia MantaRay NM software versions 25R1-NM and earlier, where a local attacker with administrative privileges can escalate to root privileges.

To detect if your system is vulnerable, you can check the installed version of MantaRay NM to see if it is 25R1-NM or earlier.

  • Run a command to check the installed version, for example: sudo mantaray_nm --version
  • Review sudoers configuration to identify accounts with unrestricted sudo command permissions that could be exploited.
  • Use commands like: sudo -l -U <username> to list allowed sudo commands for affected accounts.
Mitigation Strategies

Immediate mitigation involves restricting the set of commands permitted via sudo for the affected accounts to reduce the risk of privilege escalation.

Additionally, upgrading Nokia MantaRay NM software to version 25R2-NM or later, where the vulnerability is fixed, is recommended as a permanent solution.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-7406. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart