CVE-2025-24328: Vulnerability in Nokia Single RAN

Medium
Published: Wed Jul 02 2025 (07/02/2025, 07:39:30 UTC)
Source: CVE Database V5
Vendor/Project: Nokia
Product: Nokia Single RAN

Description

Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause the Nokia Single RAN baseband OAM service component to restart on software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected in release 24R1-SR 1.0 MP and later. The OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service.

AI-Powered Analysis

Last updated: 07/02/2025, 08:09:33 UTC

Technical Analysis

CVE-2025-24328 is a vulnerability identified in Nokia Single RAN baseband equipment, specifically affecting the OAM (Operations, Administration, and Maintenance) service component. The vulnerability arises from the processing of crafted SOAP "set" operation messages within the Mobile Network Operator's internal Radio Access Network (RAN) management network. When an attacker sends a specially crafted SOAP message, it triggers a stack overflow condition in the OAM service component. This overflow causes the OAM service component to restart automatically. Importantly, this restart does not cause a full base station restart nor does it degrade network service, and it leaves no permanent damage to the OAM service. The vulnerability affects all Nokia Single RAN software releases prior to 24R1-SR 1.0 MP, with the issue corrected in release 24R1-SR 1.0 MP and later versions. The vulnerability is exploitable only within the internal RAN management network, implying that an attacker would need access to the MNO's internal network segment managing the RAN. There are no known exploits in the wild at the time of publication. The lack of a CVSS score suggests that the vulnerability has not yet been fully assessed for severity, but the technical details indicate a denial-of-service-like impact limited to the OAM service component restart without broader network disruption.

Potential Impact

For European organizations, particularly Mobile Network Operators deploying Nokia Single RAN infrastructure, this vulnerability could lead to temporary disruption of the OAM service component responsible for managing and maintaining the baseband equipment. Although the base station and overall network service remain unaffected, the OAM service restart could temporarily hinder network management operations, potentially delaying fault detection, configuration changes, or maintenance activities. This could increase operational risk during critical periods or coordinated attacks. Since the vulnerability requires access to the internal RAN management network, the risk is primarily from insider threats or attackers who have already breached internal network defenses. The impact on confidentiality and integrity is minimal as the vulnerability does not appear to allow unauthorized data access or modification. Availability impact is limited to the OAM service component restart, which is automatically recovered. However, repeated exploitation could cause operational inefficiencies and increased maintenance overhead. The absence of permanent damage reduces long-term risk but does not eliminate short-term operational disruption.

Mitigation Recommendations

European MNOs using Nokia Single RAN should prioritize upgrading affected baseband software to release 24R1-SR 1.0 MP or later, where the vulnerability is fixed. Network segmentation and strict access controls should be enforced to limit access to the internal RAN management network, reducing the risk of unauthorized message injection. Implementing robust monitoring and anomaly detection for unusual SOAP message patterns or unexpected OAM service restarts can provide early warning of exploitation attempts. Regular audits of internal network access and credentials should be conducted to mitigate insider threats. Additionally, operators should establish incident response procedures specifically addressing OAM service disruptions to minimize operational impact. Since no known exploits exist, proactive patching and network hardening remain the best defense. Vendors and operators should also monitor Nokia advisories for any updates or additional mitigations.
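Because the OAM component recovers on its own, a single restart is easy to miss; the signal worth alerting on is repeated restarts of the same node in a short window. The following is an added example, not code from Nokia or from this page: the log line format, node names, threshold and window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical normalized format; the real
# field layout depends on the operator's log pipeline, not on Nokia tooling.
SAMPLE = """\
2025-07-02T08:00:01Z bts-0417 oam-service state=restarted
2025-07-02T08:03:40Z bts-0417 oam-service state=restarted
2025-07-02T08:05:12Z bts-0092 oam-service state=restarted
2025-07-02T08:07:55Z bts-0417 oam-service state=restarted
2025-07-02T11:30:00Z bts-0092 oam-service state=restarted
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+oam-service\s+state=restarted$")


def restart_bursts(lines, threshold=3, window=timedelta(minutes=10)):
    """Return (node, first_ts, last_ts, count) for every node whose OAM
    restarts reach `threshold` within `window`. Lines must be time-ordered."""
    recent = defaultdict(deque)   # node -> restart timestamps still in window
    alerts = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue              # ignore unrelated or malformed lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        node = m.group(2)
        q = recent[node]
        q.append(ts)
        while ts - q[0] > window:  # drop restarts older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((node, q[0], ts, len(q)))
            q.clear()              # re-arm so one burst raises one alert
    return alerts


if __name__ == "__main__":
    for node, first, last, count in restart_bursts(SAMPLE.splitlines()):
        print(f"{node}: {count} OAM restarts between {first} and {last}")
```

An alert from this check is a prompt to review which management-network hosts sent SOAP "set" operations to that node in the same interval.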

Technical Details

Data Version: 5.1
Assigner Short Name: Nokia
Date Reserved: 2025-01-20T05:33:25.523Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6864e5b56f40f0eb72920451

Added to database: 7/2/2025, 7:54:29 AM

Last enriched: 7/2/2025, 8:09:33 AM

Last updated: 7/4/2025, 6:13:17 AM
