CVE-2025-24816
An Improper Access Control vulnerability in Nokia MantaRay NM

Public disclosure	30-06-2026
Last updated	30-06-2026
Vulnerability type	Improper Access Control
CVSS vector	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVSS score	6.8

Description

Nokia MantaRay NM is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges.

Affected products and versions

All MantaRay versions earlier than 25R2-NM (exclusive).

Mitigation plan

Fixes have been provided in MantaRay NM 25R2-NM and later releases.

Acknowledgements

Andrea Carlo Maria Dattola (TIM Security Red Team Research)
Cristina Coppola (TIM Security Red Team Research)
Carlo Pannullo (TIM Security Red Team Research)
Massimiliano Brolli (TIM Security Red Team Research)

Select your country

CVE-2025-24816
An Improper Access Control vulnerability in Nokia MantaRay NM

Description

Affected products and versions

Mitigation plan

Acknowledgements

References

MantaRay NM

Select your country

CVE-2025-24816An Improper Access Control vulnerability in Nokia MantaRay NM

Description

Affected products and versions

Mitigation plan

Acknowledgements

References

MantaRay NM

CVE-2025-24816
An Improper Access Control vulnerability in Nokia MantaRay NM