CVE-2025-24815
An unrestricted file upload vulnerability in Nokia MantaRay NM

Public disclosure	30-06-2026
Last updated	30-06-2026
Vulnerability type	Unrestricted Upload of File with Dangerous Type
CVSS vector	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
CVSS score	8.4

Description

Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system.

Affected products and versions

All MantaRay versions earlier than 25R2-NM (exclusive).

Mitigation plan

Fixes have been provided in MantaRay NM 25R2-NM and later releases.

Acknowledgements

Andrea Carlo Maria Dattola (TIM Security Red Team Research)
Cristina Coppola (TIM Security Red Team Research)
Carlo Pannullo (TIM Security Red Team Research)
Massimiliano Brolli (TIM Security Red Team Research)

Select your country

CVE-2025-24815
An unrestricted file upload vulnerability in Nokia MantaRay NM

Description

Affected products and versions

Mitigation plan

Acknowledgements

References

MantaRay NM

Select your country

CVE-2025-24815An unrestricted file upload vulnerability in Nokia MantaRay NM

Description

Affected products and versions

Mitigation plan

Acknowledgements

References

MantaRay NM

CVE-2025-24815
An unrestricted file upload vulnerability in Nokia MantaRay NM