CVE-2025-7406
Nokia · MantaRay NM
A local privilege escalation vulnerability in Nokia MantaRay NM allows an authenticated local user with administrative privileges to escalate to root.
Executive summary
Nokia MantaRay NM contains a sudo-related privilege escalation vulnerability that allows a local administrator to achieve full root access on the underlying host.
Vulnerability
This is a privilege escalation vulnerability involving the sudo utility. An authenticated local user who already possesses standard administrative (local admin) access can exploit this flaw to execute commands with root privileges.
Business impact
Root-level access provides an attacker with complete control over the host system, allowing for the exfiltration of sensitive configuration data, installation of persistent backdoors, or destruction of system logs. With a CVSS score of 7.8, this flaw represents a significant risk to the security posture of the network management infrastructure.
Remediation
Immediate Action: Update the Nokia MantaRay NM software to the latest patched version provided by the vendor.
Proactive Monitoring: Audit local account activity and sudo usage logs to detect unauthorized elevation attempts or irregular command execution by administrative users.
Compensating Controls: Implement the principle of least privilege by strictly limiting the number of users with local administrative rights on the host.
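The sudo log audit described under Proactive Monitoring can be scripted. The following is an added example, not code from Nokia or from this advisory; it assumes sudo's default syslog line format, and the host name, account names and per-user command baseline are constructed for illustration.

```python
import re

# Constructed sample lines in sudo's default syslog format (not from a real host).
SAMPLE_LOG = """\
Jul 10 09:14:02 nm-host sudo:   opsadmin : TTY=pts/0 ; PWD=/home/opsadmin ; USER=root ; COMMAND=/usr/bin/systemctl status sshd
Jul 10 09:20:41 nm-host sudo:   opsadmin : TTY=pts/0 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Jul 10 09:31:07 nm-host sudo:   svcuser : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/svcuser ; USER=root ; COMMAND=/usr/bin/id
Jul 10 09:40:55 nm-host sudo:   opsadmin : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/opsadmin ; USER=root ; COMMAND=/usr/bin/less /var/log/messages
Jul 10 09:45:00 nm-host sshd[812]: Accepted publickey for opsadmin from 192.0.2.10 port 50222 ssh2
"""

# Hypothetical baseline: command prefixes each admin account is expected to run as root.
EXPECTED = {"opsadmin": ("/usr/bin/systemctl ", "/usr/bin/less ")}

SUDO_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<body>.*)$")
DENIALS = ("NOT in sudoers", "command not allowed", "incorrect password attempt")


def audit(log_text, expected=EXPECTED):
    """Return (user, kind, detail, command) tuples for sudo events worth review."""
    findings = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if not m:
            continue  # not a sudo command record
        # COMMAND is always the last field and may itself contain " ; ".
        head, _, command = m["body"].partition("COMMAND=")
        parts = [p.strip() for p in head.split(" ; ") if p.strip()]
        kv = dict(p.split("=", 1) for p in parts if "=" in p)
        status = [p for p in parts if "=" not in p]  # e.g. "user NOT in sudoers"
        user, target = m["user"], kv.get("USER", "root")
        denied = [s for s in status if any(d in s for d in DENIALS)]
        if denied:
            findings.append((user, "denied", denied[0], command))
        elif target == "root" and not (command + " ").startswith(expected.get(user, ())):
            # Successful root command outside the account's baseline.
            findings.append((user, "unexpected-root-command", "", command))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Replace SAMPLE_LOG with the host's sudo log contents and tune EXPECTED to the commands administrators legitimately run on the management host.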
Exploitation status
Public Exploit Available: false
Analyst recommendation
Privilege escalation vulnerabilities are highly prized by attackers for lateral movement and persistence. Administrators should prioritize patching this vulnerability to prevent the escalation of local access into a full system compromise, thereby securing the management plane of the network.