CVE-2025-24817
An OS Command Injection vulnerability in Nokia MantaRay NM

Public disclosure	07-04-2026
Last updated	07-04-2026
Vulnerability type	Command Injection
CVSS vector	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS score	8.0

Description

Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application.

Affected products and versions

All MantaRay NM versions earlier than 25R1-NM (exclusive).

Mitigation plan

Fixes have been provided in MantaRay NM Security Update SU1456 (for 24R2-NM and 24R3-NM), as well as in 25R1-NM and later releases.

Acknowledgements

Andrea Carlo Maria Dattola (TIM S.p.A)
Cristina Coppola (TIM S.p.A)
Carlo Pannullo (TIM S.p.A)
Massimiliano Brolli (TIM S.p.A)

Select your country

CVE-2025-24817
An OS Command Injection vulnerability in Nokia MantaRay NM

Description

Affected products and versions

Mitigation plan

Acknowledgements

References

MantaRay NM

Looking for Nokia licensed products support?

Looking for Nokia licensed products support?

Select your country

CVE-2025-24817An OS Command Injection vulnerability in Nokia MantaRay NM

Description

Affected products and versions

Mitigation plan

Acknowledgements

References

MantaRay NM

CVE-2025-24817
An OS Command Injection vulnerability in Nokia MantaRay NM