CVE-2025-24815

Nokia · MantaRay NM

Nokia MantaRay NM is vulnerable to an unrestricted file upload flaw due to insufficient validation of user-submitted file types.

Executive summary

An unrestricted file upload vulnerability in Nokia MantaRay NM allows unauthenticated remote attackers to upload and execute arbitrary files on the server.

Vulnerability

The system fails to perform adequate file type and extension validation on uploads. This allows an attacker to bypass security filters and upload malicious scripts, which can then be executed by the web server.

Business impact

This vulnerability provides a direct pathway for remote code execution, which can lead to complete server compromise, data exfiltration, or the deployment of ransomware. Given the CVSS score of 7.8, this vulnerability represents a high risk to the availability and security of critical network management infrastructure.

Remediation

Immediate Action: Apply security updates provided by Nokia to enforce strict file type validation and restrict upload directories.

Proactive Monitoring: Inspect web server directories for unauthorized or suspicious file uploads and review logs for unusual POST requests.

Compensating Controls: Configure a Web Application Firewall (WAF) to block requests containing suspicious file extensions or non-standard file headers directed at the upload function.
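
One way to carry out the directory inspection described under Proactive Monitoring, shown as an added example that is not Nokia's code and not part of the original advisory. It flags files whose extension is server-executable (including double extensions), not on an allow-list, or contradicted by the file header. The allow-list, the executable-extension set and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed allow-list: extension -> leading bytes a genuine file starts with.
ALLOWED = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".pdf": b"%PDF-"}
# Illustrative set of extensions a web or application server may execute.
EXECUTABLE = {".php", ".phtml", ".jsp", ".jspx", ".war", ".cgi", ".pl", ".sh"}

def audit_upload_dir(root):
    """Return sorted (relative_path, reason) pairs for files that need review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            # Check every dot-separated suffix so "a.php.png" is caught too.
            suffixes = {"." + part.lower() for part in name.split(".")[1:]}
            ext = os.path.splitext(name)[1].lower()
            if suffixes & EXECUTABLE:
                findings.append((rel, "server-executable extension"))
            elif ext not in ALLOWED:
                findings.append((rel, "extension not on allow-list"))
            else:
                with open(path, "rb") as fh:
                    head = fh.read(len(ALLOWED[ext]))
                if head != ALLOWED[ext]:
                    findings.append((rel, "header does not match extension"))
    return sorted(findings)

def demo():
    """Audit a constructed directory tree (sample data, not from a real host)."""
    samples = {
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "manual.pdf": b"%PDF-1.7\n",
        "photo.jpg": b"not an image (constructed)",
        "avatar.php.png": b"\x89PNG\r\n\x1a\n",
        "notes.txt": b"constructed",
        "tmp/run.jsp": b"constructed",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        return audit_upload_dir(root)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

To use it on a real host, call `audit_upload_dir` with the deployment's actual upload directory and adjust both sets to the file types that deployment is expected to accept.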

Exploitation status

Public Exploit Available: false

Analyst recommendation

Network administrators must treat this vulnerability with extreme urgency due to the critical nature of network management software. It is imperative to apply all available patches immediately and ensure that the management interface is not exposed to the public internet.