{"api_version":"1","generated_at":"2026-07-03T12:01:55+00:00","cve":"CVE-2025-24815","urls":{"html":"https://cve.report/CVE-2025-24815","api":"https://cve.report/api/cve/CVE-2025-24815.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-24815","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-24815"},"summary":{"title":"An unrestricted file upload vulnerability in Nokia MantaRay NM","description":"Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system.","state":"PUBLISHED","assigner":"Nokia","published_at":"2026-06-30 10:16:32","updated_at":"2026-06-30 14:23:38"},"problem_types":["CWE-434","CWE-434 CWE-434 Unrestricted Upload of File with Dangerous Type"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24815/","name":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24815/","refsource":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2026-24815/","name":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2026-24815/","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-24815","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24815","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Nokia","product":"MantaRay NM","version":"affected <25R2-NM","platforms":[]},{"source":"CNA","vendor":"Nokia","product":"MantaRay NM","version":"unaffected ≥25R2-NM","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"24815","cve":"CVE-2025-24815","epss":"0.001510000","percentile":"0.046390000","score_date":"2026-07-02","updated_at":"2026-07-03 00:06:13"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2025-24815","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-30T13:28:43.371983Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-434","description":"CWE-434 Unrestricted Upload of File with Dangerous Type","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T13:29:34.489Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"MantaRay NM","vendor":"Nokia","versions":[{"status":"affected","version":"<25R2-NM"},{"status":"unaffected","version":"≥25R2-NM"}]}],"descriptions":[{"lang":"en","value":"Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system."}],"providerMetadata":{"dateUpdated":"2026-06-30T11:40:20.157Z","orgId":"b48c3b8f-639e-4c16-8725-497bc411dad0","shortName":"Nokia"},"references":[{"name":"Nokia Product Security Advisory","url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24815/"}],"title":"An unrestricted file upload vulnerability in Nokia MantaRay NM","x_generator":{"engine":"cveClient/1.0.15"}}},"cveMetadata":{"assignerOrgId":"b48c3b8f-639e-4c16-8725-497bc411dad0","assignerShortName":"Nokia","cveId":"CVE-2025-24815","datePublished":"2026-06-30T08:55:42.078Z","dateReserved":"2025-01-24T13:25:43.869Z","dateUpdated":"2026-06-30T13:29:34.489Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-30 10:16:32","lastModifiedDate":"2026-06-30 14:23:38","problem_types":["CWE-434","CWE-434 CWE-434 Unrestricted Upload of File with Dangerous Type"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:28:43.371983Z","id":"CVE-2025-24815","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"24815","Ordinal":"1","Title":"An unrestricted file upload vulnerability in Nokia MantaRay NM","CVE":"CVE-2025-24815","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"24815","Ordinal":"1","NoteData":"Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system.","Type":"Description","Title":"An unrestricted file upload vulnerability in Nokia MantaRay NM"}]}}}