{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-24818", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "state": "PUBLISHED", "assignerShortName": "Nokia", "dateReserved": "2025-01-24T13:25:43.870Z", "datePublished": "2026-04-07T15:13:22.492Z", "dateUpdated": "2026-04-07T20:11:29.811Z"}, "containers": {"cna": {"title": "An OS Command Injection vulnerability in Nokia MantaRay NM", "descriptions": [{"lang": "en", "value": "Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application."}], "affected": [{"vendor": "Nokia", "product": "MantaRay NM", "defaultStatus": "affected", "versions": [{"version": "Earlier than 25R1-NM (exclusive)", "status": "affected"}]}], "references": [{"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24818/"}], "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2026-04-07T15:13:22.492Z"}, "x_generator": {"engine": "cveClient/1.0.15"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-77", "lang": "en", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-07T20:11:08.674316Z", "id": "CVE-2025-24818", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T20:11:29.811Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-24818", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-07T20:11:08.674316Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-77", "description": "CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-07T20:07:43.877Z"}}], "cna": {"title": "An OS Command Injection vulnerability in Nokia MantaRay NM", "affected": [{"vendor": "Nokia", "product": "MantaRay NM", "versions": [{"status": "affected", "version": "Earlier than 25R1-NM (exclusive)"}], "defaultStatus": "affected"}], "references": [{"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24818/"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application."}], "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2026-04-07T15:13:22.492Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24818", "state": "PUBLISHED", "dateUpdated": "2026-04-07T20:11:29.811Z", "dateReserved": "2025-01-24T13:25:43.870Z", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "datePublished": "2026-04-07T15:13:22.492Z", "assignerShortName": "Nokia"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*", "matchCriteriaId": "C678CD07-A42D-4168-8852-9C232E8DA11B", "versionEndExcluding": "25r1-nm", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application."}], "id": "CVE-2025-24818", "lastModified": "2026-04-22T18:54:40.833", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-07T16:16:22.813", "references": [{"source": "b48c3b8f-639e-4c16-8725-497bc411dad0", "tags": ["Vendor Advisory"], "url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24818/"}], "sourceIdentifier": "b48c3b8f-639e-4c16-8725-497bc411dad0", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,25R1-NM)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "MantaRay NM", "source": "cna", "vendor": "Nokia"}, "product": "mantaray_nm", "vendor": "nokia"}], "analysis": {"en": {"generated_at": "2026-04-07T23:23:51.613599+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2011issued patch for Nokia MantaRay NM as soon as it becomes available", "Verify the device is running a patched version after remediation", "If a patch is not yet available, restrict access to the Log Search feature or block the affected ports from external networks", "Monitor logs for anomalous command execution patterns and conduct regular vulnerability scans"], "summary": {"action": "Immediate Patch", "impact": "OS Command Injection"}, "threat_synthesis": {"affected_systems": "The vulnerability affects Nokia MantaRay NM. No specific firmware or release versions are provided, so all current installations of the product are potentially impacted.", "description_and_impact": "Nokia MantaRay NM has an OS command injection issue caused by improper handling of special characters in the Log Search application. An attacker could exploit this flaw to execute arbitrary system commands, potentially compromising the affected device\u2019s confidentiality, integrity, and availability.", "risk_and_exploitability": "The CVSS score of 8 indicates high severity. EPSS data is unavailable, and the flaw is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote exploitation through the Log Search interface, requiring network access and the ability to craft inputs containing special elements. The attacker could gain elevated privileges or control over the device, leading to full system compromise."}}}}, "created": "2026-04-08T19:37:11.860907+00:00", "updated": "2026-04-08T19:48:27.553221+00:00", "vendors": ["nokia", "nokia$PRODUCT$mantaray_nm"]}