CVE-2025-7406
A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM
Public disclosure |
30-06-2026 |
|---|---|
Last updated |
30-06-2026 |
Vulnerability type |
Execution with unnecessary privileges |
CVSS vector |
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVSS score |
6.7 |
Description
Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts.
Affected products and versions
MantaRay NM versions NM 25R1-NM and earlier.
Mitigation plan
Fix has been provided in MantaRay NM 25R2-NM and later releases.
Acknowledgements
- Andrea Carlo Maria Dattola (TIM Security Red Team Research)
- Cristina Coppola (TIM Security Red Team Research)
- Carlo Pannullo (TIM Security Red Team Research)
- Massimiliano Brolli (TIM Security Red Team Research)
