CVE-2025-24816
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk7th percentile — higher than 7% of all known CVEs
Summary
Nokia MantaRay is affected by an Improper Access Control vulnerability due to insufficient authorization in the API. An authenticated attacker can retrieve confidential information beyond their assigned privileges.
Risk Assessment
The organization risks exposure of sensitive data, including network configurations or customer information, potentially leading to confidentiality breaches and regulatory non-compliance.
Recommendation
Apply the security update provided by the vendor immediately and review and strengthen API authorization mechanisms.
Original NVD description (English source)
Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges.

