CVE-2025-24817

HIGH

An OS Command Injection vulnerability in Nokia MantaRay NM

Title source: cna

Description

Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application.

References (1)

Core 1

Core References

https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24817/

Scores

CVSS v3 8.0

EPSS 0.0101

EPSS Percentile 58.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78

Status published

Products (2)

Nokia/MantaRay NM Earlier than 25R1-NM (exclusive)

nokia/mantaray_nm < 25r1-nm

Published Apr 07, 2026

Tracked Since Apr 07, 2026