Overview
| Field | Details |
|---|---|
| CVE ID | CVE-2025-24819 |
| Severity | Medium |
| CVSS Score | 5.7 |
| CVSS Vector | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| CWE | CWE-23 — Relative Path Traversal |
| Vendor | Nokia |
| Affected Product | Nokia MantaRay NM |
| Affected Versions | All versions before 25r1-nm |
| Disclosure Date | April 7, 2026 |
Description
Nokia MantaRay NM is vulnerable to a Relative Path Traversal vulnerability in the Software Manager application, due to improper validation of input parameters on the file system. An authenticated attacker on the adjacent network can exploit this flaw without user interaction to read arbitrary files outside the intended directory.
Impact
Successful exploitation allows an attacker to access high-confidentiality data on the file system of the affected Nokia MantaRay NM instance. Integrity and availability are not impacted.
Remediation
Upgrade Nokia MantaRay NM to version 25r1-nm or later.
References
Credits
Discovered by Carlo Pannullo (TIM Security Red Team Research).