{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-24816", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "state": "PUBLISHED", "assignerShortName": "Nokia", "dateReserved": "2025-01-24T13:25:43.869Z", "datePublished": "2026-06-30T08:58:29.484Z", "dateUpdated": "2026-06-30T13:30:45.148Z"}, "containers": {"cna": {"title": "An Improper Access Control vulnerability in Nokia MantaRay NM", "descriptions": [{"lang": "en", "value": "Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges."}], "affected": [{"vendor": "Nokia", "product": "MantaRay NM", "versions": [{"version": "<25R2-NM", "status": "affected"}, {"version": "\u226525R2-NM", "status": "unaffected"}]}], "references": [{"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24816/", "name": "Nokia Product Security Advisory"}], "x_generator": {"engine": "cveClient/1.0.15"}, "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2026-06-30T11:40:27.463Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-30T13:30:08.532062Z", "id": "CVE-2025-24816", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T13:30:45.148Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-24816", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-30T13:30:08.532062Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-30T13:30:40.558Z"}}], "cna": {"title": "An Improper Access Control vulnerability in Nokia MantaRay NM", "affected": [{"vendor": "Nokia", "product": "MantaRay NM", "versions": [{"status": "affected", "version": "<25R2-NM"}, {"status": "unaffected", "version": "\u226525R2-NM"}]}], "references": [{"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24816/", "name": "Nokia Product Security Advisory"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges."}], "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2026-06-30T11:40:27.463Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24816", "state": "PUBLISHED", "dateUpdated": "2026-06-30T13:30:45.148Z", "dateReserved": "2025-01-24T13:25:43.869Z", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "datePublished": "2026-06-30T08:58:29.484Z", "assignerShortName": "Nokia"}, "dataVersion": "5.2"}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,25R2-NM)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[25R2-NM,*]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "MantaRay NM", "source": "cna", "vendor": "Nokia"}, "product": "mantaray_nm", "vendor": "nokia"}], "created": "2026-06-30T10:30:11.486089+00:00", "updated": "2026-06-30T14:45:14.497359+00:00", "vendors": ["nokia", "nokia$PRODUCT$mantaray_nm"], "weaknesses": ["CWE-284"]}