Description
Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges.
Published: 2026-06-30
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in Nokia MantaRay NM is an improper access control flaw that allows an attacker with valid credentials to retrieve sensitive information beyond their assigned permissions. The flaw arises from insufficient authorization checks within the API layer, meaning that the system fails to verify that the authenticated user is allowed to access the requested data. An attacker exploiting this issue can achieve unauthorized disclosure of confidential data, compromising the confidentiality of the system.

Affected Systems

The affected product is Nokia MantaRay NM. No specific version information is provided by the CNA, so all installations of the product are potentially impacted until a vendor‑issued fix is applied.

Risk and Exploitability

The CVE lists a CVSS score of 6.5 and an EPSS score of < 1%, and it is not cataloged in the CISA KEV, indicating either a lack of publicly known exploitation or insufficient data on exploit likelihood. Based on the description, the attack vector is likely an authenticated API request; the attacker must first obtain legitimate credentials, after which they can misuse the access controls to read data they should not see. While the exploit requires authentication, the ability to bypass authorization grants a significant impact by exposing privileged information.

Generated by OpenCVE AI on June 30, 2026 at 16:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply vendor patch for Nokia MantaRay NM immediately.
  • Review and tighten API access controls to enforce the principle of least privilege, ensuring that each user can only access the data required for their role.
  • Continuously monitor authentication logs and data access patterns for anomalies that could indicate exploitation of similar access‑control weaknesses.

Generated by OpenCVE AI on June 30, 2026 at 16:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 30 Jun 2026 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Nokia
Nokia mantaray Nm
Vendors & Products Nokia
Nokia mantaray Nm

Tue, 30 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 30 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
References

Tue, 30 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Tue, 30 Jun 2026 09:45:00 +0000

Type Values Removed Values Added
Description Nokia MantaRay is subject to an Improper Access Control vulnerability due to insufficient authorization within the API. Successful exploitation could allow an authenticated attacker to retrieve confidential information beyond their assigned privileges.
Title An Improper Access Control vulnerability in Nokia MantaRay NM
References

Subscriptions

Nokia Mantaray Nm
cve-icon MITRE

Status: PUBLISHED

Assigner: Nokia

Published:

Updated: 2026-06-30T13:30:45.148Z

Reserved: 2025-01-24T13:25:43.869Z

Link: CVE-2025-24816

cve-icon Vulnrichment

Updated: 2026-06-30T13:30:40.558Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-30T16:15:06Z

Weaknesses