CVE-2025-24328 is a vulnerability identified in Nokia Single RAN baseband equipment, specifically affecting the OAM (Operations, Administration, and Maintenance) service component. The vulnerability arises from the processing of crafted SOAP "set" operation messages within the Mobile Network Operator's internal Radio Access Network (RAN) management network. When an attacker sends a specially crafted SOAP message, it triggers a stack overflow condition in the OAM service component. This overflow causes the OAM service component to restart automatically. Importantly, this restart does not cause a full base station restart nor does it degrade network service, and it leaves no permanent damage to the OAM service. The vulnerability affects all Nokia Single RAN software releases prior to 24R1-SR 1.0 MP, with the issue corrected in release 24R1-SR 1.0 MP and later versions. The vulnerability is exploitable only within the internal RAN management network, implying that an attacker would need access to the MNO's internal network segment managing the RAN. There are no known exploits in the wild at the time of publication. The lack of a CVSS score suggests that the vulnerability has not yet been fully assessed for severity, but the technical details indicate a denial-of-service-like impact limited to the OAM service component restart without broader network disruption.

For European organizations, particularly Mobile Network Operators deploying Nokia Single RAN infrastructure, this vulnerability could lead to temporary disruption of the OAM service component responsible for managing and maintaining the baseband equipment. Although the base station and overall network service remain unaffected, the OAM service restart could temporarily hinder network management operations, potentially delaying fault detection, configuration changes, or maintenance activities. This could increase operational risk during critical periods or coordinated attacks. Since the vulnerability requires access to the internal RAN management network, the risk is primarily from insider threats or attackers who have already breached internal network defenses. The impact on confidentiality and integrity is minimal as the vulnerability does not appear to allow unauthorized data access or modification. Availability impact is limited to the OAM service component restart, which is automatically recovered. However, repeated exploitation could cause operational inefficiencies and increased maintenance overhead. The absence of permanent damage reduces long-term risk but does not eliminate short-term operational disruption.

European MNOs using Nokia Single RAN should prioritize upgrading affected baseband software to release 24R1-SR 1.0 MP or later, where the vulnerability is fixed. Network segmentation and strict access controls should be enforced to limit access to the internal RAN management network, reducing the risk of unauthorized message injection. Implementing robust monitoring and anomaly detection for unusual SOAP message patterns or unexpected OAM service restarts can provide early warning of exploitation attempts. Regular audits of internal network access and credentials should be conducted to mitigate insider threats. Additionally, operators should establish incident response procedures specifically addressing OAM service disruptions to minimize operational impact. Since no known exploits exist, proactive patching and network hardening remain the best defense. Vendors and operators should also monitor Nokia advisories for any updates or additional mitigations.