{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-24815", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "state": "PUBLISHED", "assignerShortName": "Nokia", "dateReserved": "2025-01-24T13:25:43.869Z", "datePublished": "2026-06-30T08:55:42.078Z", "dateUpdated": "2026-06-30T13:29:34.489Z"}, "containers": {"cna": {"title": "An unrestricted file upload vulnerability in Nokia MantaRay NM", "descriptions": [{"lang": "en", "value": "Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system."}], "affected": [{"vendor": "Nokia", "product": "MantaRay NM", "versions": [{"version": "<25R2-NM", "status": "affected"}, {"version": "\u226525R2-NM", "status": "unaffected"}]}], "references": [{"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24815/", "name": "Nokia Product Security Advisory"}], "x_generator": {"engine": "cveClient/1.0.15"}, "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2026-06-30T11:40:20.157Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-434", "lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-30T13:28:43.371983Z", "id": "CVE-2025-24815", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T13:29:34.489Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-24815", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-06-30T13:28:43.371983Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T13:29:31.163Z"}}], "cna": {"title": "An unrestricted file upload vulnerability in Nokia MantaRay NM", "affected": [{"vendor": "Nokia", "product": "MantaRay NM", "versions": [{"status": "affected", "version": "<25R2-NM"}, {"status": "unaffected", "version": "\u226525R2-NM"}]}], "references": [{"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24815/", "name": "Nokia Product Security Advisory"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system."}], "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2026-06-30T11:40:20.157Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24815", "state": "PUBLISHED", "dateUpdated": "2026-06-30T13:29:34.489Z", "dateReserved": "2025-01-24T13:25:43.869Z", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "datePublished": "2026-06-30T08:55:42.078Z", "assignerShortName": "Nokia"}, "dataVersion": "5.2"}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,25R2-NM)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[25R2-NM,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "MantaRay NM", "source": "cna", "vendor": "Nokia"}, "product": "mantaray_nm", "vendor": "nokia"}], "created": "2026-06-30T11:00:05.977625+00:00", "updated": "2026-06-30T15:00:05.807637+00:00", "vendors": ["nokia", "nokia$PRODUCT$mantaray_nm"], "weaknesses": ["CWE-20", "CWE-285"]}