{"api_version":"1","generated_at":"2026-07-03T12:01:45+00:00","cve":"CVE-2025-7406","urls":{"html":"https://cve.report/CVE-2025-7406","api":"https://cve.report/api/cve/CVE-2025-7406.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-7406","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-7406"},"summary":{"title":"A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM","description":"Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts.","state":"PUBLISHED","assigner":"Nokia","published_at":"2026-06-30 10:16:33","updated_at":"2026-06-30 14:23:38"},"problem_types":["CWE-269","CWE-269 CWE-269 Improper Privilege Management"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"7.8","severity":"HIGH","vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"}}],"references":[{"url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-7406/","name":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-7406/","refsource":"b48c3b8f-639e-4c16-8725-497bc411dad0","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-7406","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-7406","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Nokia","product":"MantaRay NM","version":"affected <NM 25R1-NM","platforms":[]},{"source":"CNA","vendor":"Nokia","product":"MantaRay NM","version":"unaffected ≥NM 25R1-NM","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"7406","cve":"CVE-2025-7406","epss":"0.001280000","percentile":"0.027920000","score_date":"2026-07-02","updated_at":"2026-07-03 00:06:13"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},{"other":{"content":{"id":"CVE-2025-7406","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","timestamp":"2026-06-30T13:31:19.958711Z","version":"2.0.3"},"type":"ssvc"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269 Improper Privilege Management","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-30T13:31:51.576Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"product":"MantaRay NM","vendor":"Nokia","versions":[{"status":"affected","version":"<NM 25R1-NM"},{"status":"unaffected","version":"≥NM 25R1-NM"}]}],"descriptions":[{"lang":"en","value":"Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts."}],"providerMetadata":{"dateUpdated":"2026-06-30T08:59:58.941Z","orgId":"b48c3b8f-639e-4c16-8725-497bc411dad0","shortName":"Nokia"},"references":[{"name":"Nokia Product Security Advisory","url":"https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-7406/"}],"title":"A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM","x_generator":{"engine":"cveClient/1.0.15"}}},"cveMetadata":{"assignerOrgId":"b48c3b8f-639e-4c16-8725-497bc411dad0","assignerShortName":"Nokia","cveId":"CVE-2025-7406","datePublished":"2026-06-30T08:59:58.941Z","dateReserved":"2025-07-10T06:10:12.822Z","dateUpdated":"2026-06-30T13:31:51.576Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-30 10:16:33","lastModifiedDate":"2026-06-30 14:23:38","problem_types":["CWE-269","CWE-269 CWE-269 Improper Privilege Management"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-30T13:31:19.958711Z","id":"CVE-2025-7406","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"7406","Ordinal":"1","Title":"A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM","CVE":"CVE-2025-7406","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"7406","Ordinal":"1","NoteData":"Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts.","Type":"Description","Title":"A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM"}]}}}