CVE-2025-7406

Nokia · MantaRay NM

A local privilege escalation vulnerability in Nokia MantaRay NM allows an authenticated local user with administrative privileges to escalate to root.

Executive summary

Nokia MantaRay NM contains a sudo-related privilege escalation vulnerability that allows a local administrator to achieve full root access on the underlying host.

Vulnerability

This is a privilege escalation vulnerability involving the sudo utility. An authenticated local user who already possesses standard administrative (local admin) access can exploit this flaw to execute commands with root privileges.

Business impact

Root-level access provides an attacker with complete control over the host system, allowing for the exfiltration of sensitive configuration data, installation of persistent backdoors, or destruction of system logs. With a CVSS score of 7.8, this flaw represents a significant risk to the security posture of the network management infrastructure.

Remediation

Immediate Action: Update the Nokia MantaRay NM software to the latest patched version provided by the vendor.

Proactive Monitoring: Audit local account activity and sudo usage logs to detect unauthorized elevation attempts or irregular command execution by administrative users.

Compensating Controls: Implement the principle of least privilege by strictly limiting the number of users with local administrative rights on the host.
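The sudo log audit described under Proactive Monitoring can be scripted. The following is an added example, not vendor code or part of the original advisory: it assumes the host writes sudo events in sudo's default syslog format, and the host name, account names and `BASELINE` allowlist are constructed for illustration.

```python
import re

# Constructed sample lines in sudo's syslog format (not taken from a real host).
SAMPLE_LOG = """\
Jan 12 10:15:01 nm-host sudo:   opsadmin : TTY=pts/0 ; PWD=/home/opsadmin ; USER=root ; COMMAND=/usr/bin/systemctl status sshd
Jan 12 10:17:44 nm-host sudo:   opsadmin : TTY=pts/0 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Jan 12 10:20:09 nm-host sudo:   svcuser : command not allowed ; TTY=pts/1 ; PWD=/home/svcuser ; USER=root ; COMMAND=/usr/bin/vi /etc/sudoers
Jan 12 10:21:30 nm-host sudo:   guest : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/guest ; USER=root ; COMMAND=/usr/bin/id
Jan 12 10:25:00 nm-host sshd[411]: Accepted publickey for opsadmin from 192.0.2.10 port 50022 ssh2
"""

# Assumed site baseline: binaries each admin account is expected to run as root.
BASELINE = {"opsadmin": {"/usr/bin/systemctl", "/usr/bin/journalctl"}}

SUDO_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<invoker>\S+) : (?P<body>.*)$")
FIELDS = {"TTY": "tty", "PWD": "pwd", "USER": "runas"}

def parse_sudo_line(line):
    """Return a dict for a sudo log entry, or None for any other line."""
    m = SUDO_RE.search(line)
    if not m:
        return None
    # COMMAND comes last and may itself contain " ; ", so cut it off first.
    head, _, command = m["body"].partition("COMMAND=")
    entry = {"invoker": m["invoker"], "command": command, "denial": None}
    for part in filter(None, (p.strip() for p in head.split(" ; "))):
        key, sep, value = part.partition("=")
        if not sep:
            entry["denial"] = part  # e.g. "command not allowed"
        elif key in FIELDS:
            entry[FIELDS[key]] = value
    return entry

def review(log_text, baseline):
    """Return findings as (invoker, reason, command) tuples."""
    findings = []
    for line in log_text.splitlines():
        e = parse_sudo_line(line)
        if e is None:
            continue
        binary = e["command"].split(" ", 1)[0]
        if e["denial"]:
            findings.append((e["invoker"], "denied: " + e["denial"], e["command"]))
        elif e.get("runas") == "root" and binary not in baseline.get(e["invoker"], set()):
            findings.append((e["invoker"], "root command outside baseline", e["command"]))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG, BASELINE):
        print(finding)
```

Denied attempts are reported regardless of the baseline, so an account with no expected sudo use still surfaces when it tries to elevate.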

Exploitation status

Public Exploit Available: false

Analyst recommendation

Privilege escalation vulnerabilities are highly prized by attackers for lateral movement and persistence. Administrators should prioritize patching this vulnerability to prevent the escalation of local access into a full system compromise, thereby securing the management plane of the network.