CVE-2025-24818: High Vulnerability in Nokia MantaRay NM

CVE-2025-24818 is a high-severity OS command injection vulnerability in Nokia MantaRay NM. Organizations using this product must patch immediately to mitigate risks of unauthorized access.

HIGH · CVSS 8 · Published April 7, 2026

CVE-2025-24818, analyzed on April 7, 2026, identifies a high-severity OS command injection vulnerability in Nokia's MantaRay NM. This vulnerability allows attackers to exploit improper handling of special elements in OS commands within the Log Search application. Given the high CVSS score of 8.0, organizations must understand the associated risks and prioritize remediation efforts.

The vulnerability poses a significant risk to organizations utilizing the MantaRay NM product, particularly due to the nature of the command injection that could allow unauthorized access and impact the confidentiality, integrity, and availability of systems. The attack vector is classified as adjacent network, meaning that an attacker within the same network segment could exploit this vulnerability with low complexity and minimal privileges.

Organizations should prioritize patching immediately to mitigate the risk of exploitation. The urgency stems from the potential for significant impact if left unaddressed, as attackers may leverage this vulnerability to gain unauthorized control over systems.

Currently, there are no known exploits or public proof of concept code available for this vulnerability, but the potential risk remains high, necessitating swift action from security teams.

Vulnerability Details

The vulnerability allows for OS command injection due to improper neutralization of special elements in an OS command in the Log Search application of Nokia MantaRay NM. The CVSS score of 8.0 categorizes this vulnerability as high severity, indicating a significant risk to affected systems.

As per the CVSS 3.1 metrics, this vulnerability has a low attack complexity, requires low privileges, and does not require user interaction. The potential impacts are severe, with high confidentiality, integrity, and availability impacts.

Technical Analysis

The root cause of CVE-2025-24818 stems from the inadequate handling of user inputs within the Log Search application, leading to OS command injection vulnerabilities. The attack vector is adjacent network, indicating that an attacker on the local network can exploit the vulnerability.

The attack complexity is low, with attackers requiring only minimal privileges to execute the command injection. Importantly, user interaction is not necessary for exploitation, which heightens the risk profile of this vulnerability.

The impacts of successful exploitation include high risks to confidentiality, integrity, and availability of the system. This situation necessitates immediate attention from organizations utilizing the affected product.
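The weakness class described above (improper neutralization of special elements in an OS command), shown as an added generic example that is not Nokia's code and not taken from the advisory. The function names, the allow-list pattern, the sample term and the log path are all hypothetical; the weak command string is only built and inspected, never executed.

```python
import re
import shlex
import subprocess

# Hypothetical allow-list for search terms (an assumption, not from the advisory).
SAFE_TERM = re.compile(r"[A-Za-z0-9_.:@ -]{1,128}")
SHELL_CONTROL = set("();<>|&")

def weak_command(term, log_path):
    """CWE-78 pattern: user text concatenated into a string meant for a shell.
    Built for inspection only; this example never executes it."""
    return "grep -F " + term + " " + log_path

def shell_control_tokens(command):
    """Approximate the tokens a POSIX shell would read as operators, not data."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    return [tok for tok in lexer if tok and set(tok) <= SHELL_CONTROL]

def validate_term(term):
    """Reject anything outside the allow-list before it reaches a command."""
    if not SAFE_TERM.fullmatch(term):
        raise ValueError("search term has characters outside the allow-list")
    return term

def build_argv(term, log_path):
    """Argument vector for shell-free execution: the term stays one argument.
    -F treats it as a fixed string; '--' stops it being read as an option."""
    return ["grep", "-F", "--", term, log_path]

def search_log(term, log_path):
    """Hardened search: validate first, then run without a shell."""
    argv = build_argv(validate_term(term), log_path)
    done = subprocess.run(argv, capture_output=True, text=True, timeout=5)
    if done.returncode not in (0, 1):  # grep: 0 = match, 1 = no match
        raise RuntimeError(done.stderr.strip())
    return done.stdout.splitlines()

# Constructed input: a search term carrying a shell command separator.
SAMPLE_TERM = "timeout; echo INJECTED"
SAMPLE_PATH = "/var/log/example/app.log"  # placeholder path

if __name__ == "__main__":
    print(shell_control_tokens(weak_command(SAMPLE_TERM, SAMPLE_PATH)))
    print(build_argv(SAMPLE_TERM, SAMPLE_PATH))
```

In the concatenated string the separator becomes a shell operator, while in the argument vector the same text remains a single literal search term, and the allow-list rejects it before any process is started.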

Risk & Impact Analysis

The risk to organizations includes unauthorized access and control over the affected systems due to the command injection vulnerability. The potential for significant damage to data integrity and availability makes this a critical issue.

Organizations should assess the potential blast radius, particularly in environments where MantaRay NM is deployed in critical infrastructure. The urgency for remediation is high given the CVSS score and the potential impact of exploitation.

Exploitation Status

Signal | Status
Known Exploit | No
Public PoC | No
Actively Exploited | No
Ransomware Use | No

Affected Versions

The vulnerability affects all versions of Nokia MantaRay NM prior to version 25r1-nm. Organizations using affected versions should take immediate action to patch their systems.

Mitigation & Remediation

Organizations should prioritize applying patches provided by Nokia for the MantaRay NM product. If a patch is unavailable, consider implementing network controls to restrict access to the Log Search application.

Continuous penetration testing can also help identify potential vulnerabilities in your systems to ensure security measures are effective.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unusual command executions and system changes. Behavioral anomalies in application usage may also indicate attempts to exploit this vulnerability.

AppSecure Threat Intelligence Insight

The long-term significance of CVE-2025-24818 lies in its reflection of common weaknesses in command handling within applications. Security teams should learn from this incident to improve their threat modeling and vulnerability management strategies.

Organizations are encouraged to regularly engage in vulnerability management programs and stay informed about emerging threats.

Additionally, investing in penetration testing methodologies can enhance an organization's overall security posture.

Finally, sharing insights about vulnerabilities like CVE-2025-24818 can foster a collaborative security environment, enabling organizations to defend against similar threats.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
