PatchSiren cyber security CVE debrief
CVE-2025-24816 Nokia CVE debrief
Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges. This vulnerability affects users with access to the API, particularly those managing Nokia MantaRay Nm deployments. The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM.
- Vendor
- Nokia
- Product
- MantaRay NM
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-30
- Original CVE updated
- 2026-07-10
- Advisory published
- 2026-06-30
- Advisory updated
- 2026-07-10
Who should care
Users of Nokia MantaRay Nm, especially those with access to the API, should be aware of this vulnerability and take steps to mitigate it. This includes administrators, security teams, and operators responsible for managing affected deployments. Reviewing and restricting API access, monitoring usage, and implementing additional security measures are recommended.
Technical summary
The CVE-2025-24816 vulnerability in Nokia MantaRay Nm is caused by insufficient authorization within the API, allowing authenticated attackers to access confidential information beyond their privileges. The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM. Affected systems may be exposed to unauthorized data access, and defenders should prioritize patching or mitigating this vulnerability.
Defensive priority
Medium priority should be given to patching or mitigating this vulnerability, as it could allow attackers to access sensitive information.
Recommended defensive actions
- Apply the patch or update provided by Nokia to fix the vulnerability.
- Review and restrict API access to ensure that users only have the privileges they need.
- Monitor API usage for suspicious activity.
- Consider implementing additional security measures, such as multi-factor authentication or IP restrictions.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up.
Evidence notes
The CVE record was published on 2026-06-30T10:16:33.617Z and last modified on 2026-07-10T17:08:40.157Z. The NVD entry is currently Analyzed. Evidence is limited to public sources and may not reflect the full scope or impact of the vulnerability. Defenders should verify affected systems and review official advisories for specific guidance.
Official resources
-
CVE-2025-24816 CVE record
CVE.org
-
CVE-2025-24816 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
b48c3b8f-639e-4c16-8725-497bc411dad0 - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-30T10:16:33.617Z and has not been modified since then. The NVD entry is currently Analyzed.