Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-24815

CVE-2025-24815: Nokia MantaRay NM File Upload Vulnerability

CVE-2025-24815 is an unrestricted file upload vulnerability in Nokia MantaRay NM that allows authenticated attackers to upload malicious files. This article covers technical details, affected versions, impact, and mitigation.

Published:

CVE-2025-24815 Overview

CVE-2025-24815 is an unrestricted file upload vulnerability in Nokia MantaRay Network Manager (NM). The flaw stems from insufficient file type validation in the upload handler [CWE-434]. An authenticated attacker with local access can upload malicious files to the system. Successful exploitation leads to compromise of confidentiality, integrity, and availability on the affected host. Nokia published a security advisory acknowledging the issue and providing remediation guidance.

Critical Impact

An authenticated local attacker can upload arbitrary files to Nokia MantaRay NM, enabling code execution and full compromise of the management platform.

Affected Products

  • Nokia MantaRay Network Manager (NM)
  • Refer to the Nokia Security Advisory CVE-2025-24815 for specific affected versions
  • Deployments where authenticated users can access the file upload functionality

Discovery Timeline

  • 2026-06-30 - CVE-2025-24815 published to NVD
  • 2026-06-30 - Last updated in NVD database

Technical Details for CVE-2025-24815

Vulnerability Analysis

The vulnerability resides in the file upload component of Nokia MantaRay NM. The application accepts uploaded files without adequately verifying file type, extension, or content signatures. An attacker with valid low-privilege credentials can submit files that the platform would normally reject. Because the attack vector is local and requires authentication, exploitation depends on prior access to the management interface. Once uploaded, malicious content can be interpreted or executed by the underlying application context, resulting in high impact to confidentiality, integrity, and availability.

Root Cause

The root cause is insufficient validation of user-supplied file uploads [CWE-434]. The upload handler does not adequately restrict file extensions, MIME types, or content signatures. Server-side allowlisting and content inspection are missing or incomplete. Any authenticated user with access to the upload feature can bypass the intended file type restrictions.

Attack Vector

Exploitation requires local access and valid authentication to the MantaRay NM platform. The attacker interacts with the file upload feature and submits a file crafted to bypass client-side or partial server-side checks. Once written to disk, the attacker can trigger execution or use the file to escalate privileges within the management system. No user interaction is required beyond the attacker's own session. Refer to the Nokia Security Advisory CVE-2025-24815 for vendor-provided technical detail.

Detection Methods for CVE-2025-24815

Indicators of Compromise

  • Unexpected files with executable or script extensions (.jsp, .war, .sh, .php) in MantaRay NM upload directories
  • Web server or application logs recording POST requests to upload endpoints from non-administrative accounts
  • New processes spawned by the MantaRay NM service account following upload activity
  • Outbound network connections from the MantaRay NM host to unfamiliar destinations

Detection Strategies

  • Audit MantaRay NM application logs for file upload events and correlate with user identity and file metadata
  • Monitor filesystem changes in directories used by the MantaRay NM upload handler using file integrity monitoring
  • Alert on execution of interpreters (bash, sh, java, scripting runtimes) launched by the application service account

Monitoring Recommendations

  • Enable verbose logging on the MantaRay NM upload subsystem and forward logs to a centralized SIEM
  • Baseline expected file types and sizes in upload directories, then alert on deviations
  • Track authentication events for the management platform and flag uploads from accounts that do not typically perform them

How to Mitigate CVE-2025-24815

Immediate Actions Required

  • Apply the security update referenced in the Nokia Security Advisory CVE-2025-24815
  • Restrict access to the MantaRay NM management interface to trusted administrative networks only
  • Review all user accounts on the platform and remove or disable unused credentials
  • Inspect upload directories for unauthorized files created before the patch was applied

Patch Information

Nokia has issued a security advisory for CVE-2025-24815. Administrators should consult the Nokia Security Advisory CVE-2025-24815 for fixed versions and upgrade instructions. Apply the vendor-supplied fix in a controlled maintenance window and validate service functionality afterward.

Workarounds

  • Limit access to the file upload functionality to a minimal set of administrator accounts until patching is complete
  • Place the MantaRay NM interface behind a bastion host or VPN to reduce exposure of the local attack surface
  • Enforce strong authentication, including multi-factor authentication where supported, on all management accounts
  • Monitor the platform closely for anomalous upload or process execution activity while remediation is in progress
bash
# Configuration example
# Refer to the Nokia Security Advisory for vendor-specific configuration guidance

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.