CVE-2025-24815 - Nokia MantaRay NM

CVE-2025-24815 - Nokia MantaRay NM

Vulnerability Description: Unrestricted Upload of File with Dangerous Type - CWE-434

Software Version: All MantaRay NM versions earlier than 25R1-NM

NISThttps://nvd.nist.gov/vuln/detail/CVE-2025-24815

CVSS:

Severity: 

Credits: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli

Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system.

Security Impact

When content analysis controls are not applied consistently - or not at all - users are able to upload malicious files without any restriction. This can lead an attacker to spread malware or, under certain conditions, software capable of running code on the remote machine.