CVE-2024-25010: CWE-20 Improper Input Validation in Ericsson RAN Compute Basebands (all BB variants)
Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution.
AI Analysis
Technical Summary
CVE-2024-25010 is a high-severity vulnerability affecting Ericsson RAN Compute Basebands (all BB variants) and the Site Controller 6610. The root cause is improper input validation (CWE-20), which can be exploited remotely by an attacker to execute arbitrary code on the affected systems. The vulnerability does not require authentication or user interaction, making it particularly dangerous. The CVSS 3.1 score is 8.8, reflecting high impact on confidentiality, integrity, and availability. The attack vector is adjacent network (AV:A), meaning exploitation requires network access within the same or connected network segment, such as a telecom operator’s internal network or a connected management network.
The vulnerability allows an attacker to send specially crafted input to the baseband units or site controllers, bypassing input validation checks, and triggering arbitrary code execution. This could lead to full system compromise, allowing attackers to disrupt mobile network operations, intercept or manipulate traffic, or use the compromised infrastructure as a foothold for further attacks.
Ericsson RAN Compute Basebands are critical components in 4G and 5G radio access networks, responsible for processing radio signals and managing base station functions. The Site Controller 6610 similarly plays a key role in network management and orchestration. Given the critical nature of these components, exploitation could severely impact mobile network availability and security.
No public exploits are currently known, but the high severity and lack of required privileges make this a significant risk for telecom operators using Ericsson equipment. The vulnerability was published on May 22, 2025, with no patches currently available, increasing the urgency for mitigation and monitoring.
Potential Impact
For European organizations, particularly telecom operators and mobile network providers, this vulnerability poses a critical risk. Exploitation could lead to widespread service disruptions affecting millions of mobile users, impacting voice, data, and emergency services. Confidentiality breaches could expose sensitive subscriber data or network management information. Integrity violations could allow attackers to manipulate network traffic or inject malicious code into the network infrastructure. Availability impacts could result in denial of service or degraded network performance. Given the strategic importance of telecommunications infrastructure in Europe for economic, governmental, and emergency services, successful exploitation could have cascading effects on critical infrastructure resilience and national security. Additionally, the vulnerability could be leveraged by threat actors to establish persistent access within telecom networks, facilitating espionage or sabotage. The lack of known exploits currently provides a window for proactive defense, but the high severity and ease of exploitation necessitate immediate attention.
Mitigation Recommendations
1. Immediate network segmentation and access control: Restrict access to Ericsson RAN Compute Basebands and Site Controller 6610 devices to trusted management networks only, using strict firewall rules and network segmentation to limit exposure.
2. Implement robust monitoring and anomaly detection: Deploy network and host-based intrusion detection systems to monitor for unusual input patterns or unexpected behavior on affected devices.
3. Apply vendor advisories and patches promptly: Although no patches are currently available, maintain close communication with Ericsson for updates and apply patches as soon as they are released.
4. Conduct configuration audits: Review device configurations to disable unnecessary services and interfaces that could be exploited to send malicious input.
5. Employ multi-factor authentication and strong credentials on management interfaces to reduce risk of lateral movement.
6. Develop and test incident response plans specific to telecom infrastructure compromise scenarios.
7. Collaborate with national cybersecurity agencies and telecom regulators to share threat intelligence and coordinate defensive measures.
8. Consider deploying virtual patching or compensating controls at network gateways to filter malicious input until official patches are available.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Sweden, Netherlands, Poland, Belgium, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: ERIC
- Date Reserved: 2024-02-02T21:33:13.076Z
- Cisa Enriched: false
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682eface0acd01a249257e23
Added to database: 5/22/2025, 10:22:06 AM
Last enriched: 7/7/2025, 10:57:18 AM
Last updated: 8/14/2025, 12:22:41 PM