Vulnerability Description: Incorrect Permission Assignment for Critical Resource- CWE-732
Software Version: All MantaRay NM versions earlier than 25R1-NM
NIST: https://nvd.nist.gov/vuln/detail/CVE-2025-7406
CVSS:
Severity:
Credits: Andrea Carlo Maria Dattola, Cristina Coppola, Carlo Pannullo, Massimiliano Brolli
Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts.
Security Impact
Successful exploitation results in root-level access to the filesystem and the ability to execute commands as root.