Vulnerability Description: Unrestricted Upload of File with Dangerous Type - CWE-434
Software Version: All MantaRay NM versions earlier than 25R1-NM
NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-24815
CVSS:
Severity:
Credits: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli
Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system.
Security Impact
When content analysis controls are not applied consistently - or not at all - users are able to upload malicious files without any restriction. This can lead an attacker to spread malware or, under certain conditions, software capable of running code on the remote machine.