CVE-2025-7406 - Vulnerability Details

- A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM

Description

Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts.

Published: 2026-06-30

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

A local attacker who already has administrative privileges on a Nokia MantaRay NM device can exploit a sudo misconfiguration to elevate to full root authority, granting unrestricted access to the host filesystem and the ability to perform any system actions. The flaw directly leads to a loss of confidentiality, integrity and availability because an attacker can modify critical system files, install persistent backdoors or disrupt network services. The weakness is a classic example of improper privilege assignment as documented by its CWE classification (CWE-269).

Affected Systems

Nokia MantaRay NM devices are susceptible to this vulnerability. No specific firmware or software version range is provided, so all current releases should be evaluated against the conditions described. The issue exists wherever the affected administrative accounts are allowed to invoke sudo commands that are not adequately restricted.

Risk and Exploitability

The CVSS score is 7.8, indicating a high severity, while the EPSS score is less than 1%, suggesting a low likelihood of exploitation in general. Attack requires local administrative access and relies on a misconfigured sudo policy, making it readily exploitable on systems where such privilege levels are granted. Its presence provides an attacker with full system control, indicating a high-impact risk profile for any affected environment that has not applied mitigations or vendor patches.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Nokia

MantaRay NM

affected

Version	Status	Constraints
`<NM 25R1-NM`	affected	—
`≥NM 25R1-NM`	unaffected	—

No data.

Vendor Product Confidence Versions

Nokia

Mantaray Nm

100%

Version	Status	Scheme	Platform
`[0,NM 25R1-NM)`	affected	generic	—
`[NM 25R1-NM,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Configure the sudoers file to limit the commands that the affected administrative accounts may execute, ensuring they cannot invoke unrestricted commands or gain root access.
Enable and monitor sudo audit logs to detect any misuse or attempts to abuse privileged commands, and investigate anomalies promptly.
Watch for and apply any Nokia‑released patches or firmware updates that resolve the privilege escalation flaw once they become available.

Generated by OpenCVE AI on June 30, 2026 at 16:13 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00169.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-7406/

History

Tue, 30 Jun 2026 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nokia Nokia mantaray Nm
Vendors & Products		Nokia Nokia mantaray Nm

Tue, 30 Jun 2026 14:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-269
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Tue, 30 Jun 2026 09:45:00 +0000

Type	Values Removed	Values Added
Description		Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute actions as root. The risk can be temporarily mitigated by restricting the set of commands permitted via sudo for the affected accounts.
Title		A Sudo Privilege Escalation Vulnerability in Nokia MantaRay NM
References		https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-7406/

Subscriptions

Nokia Mantaray Nm

MITRE

Status: PUBLISHED

Assigner: Nokia

Published: 2026-06-30T08:59:58.941Z

Updated: 2026-06-30T13:31:51.576Z

Reserved: 2025-07-10T06:10:12.822Z

Link: CVE-2025-7406

Vulnrichment

Updated: 2026-06-30T13:31:47.476Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-30T16:15:06Z

Weaknesses

CWE-269
Improper Privilege Management

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object