{"api_version":"1","generated_at":"2026-07-03T12:01:55+00:00","cve":"CVE-2025-24816","urls":{"html":"https://cve.report/CVE-2025-24816","api":"https://cve.report/api/cve/CVE-2025-24816.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-24816","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-24816"},"summary":{"title":"An Improper Access Control vulnerability in Nokia MantaRay NM","description":"Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges.","state":"PUBLISHED","assigner":"Nokia","published_at":"2026-06-30 10:16:33","updated_at":"2026-06-30 14:23:38"},"problem_types":["CWE-284","CWE-284 CWE-284 Improper Access Control"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"6.5","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24816/","name":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24816/","refsource":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2026-24816/","name":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2026-24816/","refsource":"MITRE","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-24816","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-24816","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Nokia","product":"MantaRay NM","version":"affected <25R2-NM","platforms":[]},{"source":"CNA","vendor":"Nokia","product":"MantaRay NM","version":"unaffected ≥25R2-NM","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"24816","cve":"CVE-2025-24816","epss":"0.002760000","percentile":"0.193510000","score_date":"2026-07-02","updated_at":"2026-07-03 00:06:13"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2025-24816","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-30T13:30:08.532062Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-284","description":"CWE-284 Improper Access Control","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T13:30:45.148Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"MantaRay NM","vendor":"Nokia","versions":[{"status":"affected","version":"<25R2-NM"},{"status":"unaffected","version":"≥25R2-NM"}]}],"descriptions":[{"lang":"en","value":"Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges."}],"providerMetadata":{"dateUpdated":"2026-06-30T11:40:27.463Z","orgId":"b48c3b8f-639e-4c16-8725-497bc411dad0","shortName":"Nokia"},"references":[{"name":"Nokia Product Security Advisory","url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-24816/"}],"title":"An Improper Access Control vulnerability in Nokia MantaRay NM","x_generator":{"engine":"cveClient/1.0.15"}}},"cveMetadata":{"assignerOrgId":"b48c3b8f-639e-4c16-8725-497bc411dad0","assignerShortName":"Nokia","cveId":"CVE-2025-24816","datePublished":"2026-06-30T08:58:29.484Z","dateReserved":"2025-01-24T13:25:43.869Z","dateUpdated":"2026-06-30T13:30:45.148Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-30 10:16:33","lastModifiedDate":"2026-06-30 14:23:38","problem_types":["CWE-284","CWE-284 CWE-284 Improper Access Control"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:30:08.532062Z","id":"CVE-2025-24816","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"24816","Ordinal":"1","Title":"An Improper Access Control vulnerability in Nokia MantaRay NM","CVE":"CVE-2025-24816","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"24816","Ordinal":"1","NoteData":"Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges.","Type":"Description","Title":"An Improper Access Control vulnerability in Nokia MantaRay NM"}]}}}