CVE-2025-24329: Vulnerability in Nokia Single RAN
Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause a path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected in release 24R1-SR 1.0 MP and later. Beginning with release 24R1-SR 1.0 MP, the OAM service software utilizes libarchive APIs with security options enabled, effectively mitigating the reported path traversal issue.
AI Analysis
Technical Summary
CVE-2025-24329 is a vulnerability identified in Nokia Single RAN baseband software versions prior to 24R1-SR 1.0 MP. The issue arises from a path traversal vulnerability triggered by sending a crafted SOAP 'provision' operation message containing a specially manipulated archive field within the Mobile Network Operator's internal Radio Access Network (RAN) management network. This crafted message exploits insufficient validation or sanitization of archive paths, allowing an attacker to traverse directories and potentially access or overwrite files outside the intended directory scope. The vulnerability specifically affects the OAM (Operations, Administration, and Maintenance) service software component of Nokia Single RAN. Starting with release 24R1-SR 1.0 MP, Nokia mitigated this vulnerability by integrating libarchive APIs with security options enabled, which enforce stricter path validation and prevent path traversal attacks. The vulnerability does not require external network access as it targets the internal MNO RAN management network, implying that an attacker would need access to this internal network segment or compromise a device within it to exploit the flaw. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability's root cause is a classic path traversal flaw in the handling of archive files within SOAP provisioning messages, which could lead to unauthorized file system access or modification, potentially impacting system integrity and availability of the affected baseband software components.
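The entry-name validation described above, as an added example; it is not Nokia's code and not part of the advisory. The advisory does not say which libarchive options were enabled, so the checks are modelled on what libarchive's `ARCHIVE_EXTRACT_SECURE_NODOTDOT` and `ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS` extract flags refuse; the function names and sample entry names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

enum path_verdict { PATH_OK, PATH_EMPTY, PATH_ABSOLUTE, PATH_DOTDOT };

/* Classify one archive entry name the way a hardened extractor would before
 * writing it under the destination directory. POSIX '/' separators assumed. */
enum path_verdict check_entry_path(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return PATH_EMPTY;
    if (name[0] == '/')
        return PATH_ABSOLUTE;            /* would escape the destination root */

    for (const char *p = name; *p != '\0'; ) {
        size_t len = strcspn(p, "/");    /* length of the current component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return PATH_DOTDOT;          /* "a/../b" is refused as well */
        p += len;
        if (*p == '/')
            p++;
    }
    return PATH_OK;
}

/* Count the entries in a listing that must not be extracted. */
size_t count_rejected(const char *const names[], size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (check_entry_path(names[i]) != PATH_OK)
            bad++;
    return bad;
}

/* Constructed entry names, not taken from any real provisioning archive. */
static const char *const SAMPLE_ENTRIES[] = {
    "config/site.xml", "config/a..b/readme", "..hidden/file",
    "../../etc/passwd", "config/../../tmp/x", "/etc/passwd", "",
};
#define SAMPLE_COUNT (sizeof SAMPLE_ENTRIES / sizeof SAMPLE_ENTRIES[0])

int main(void)
{
    static const char *const label[] = { "ok", "empty", "absolute", "dotdot" };
    for (size_t i = 0; i < SAMPLE_COUNT; i++)
        printf("%-22s %s\n", SAMPLE_ENTRIES[i],
               label[check_entry_path(SAMPLE_ENTRIES[i])]);
    printf("rejected: %zu of %zu\n", count_rejected(SAMPLE_ENTRIES, SAMPLE_COUNT),
           (size_t)SAMPLE_COUNT);
    return 0;
}
```

A name check alone does not cover entries that are written through a symbolic link already present in the destination; libarchive has a separate `ARCHIVE_EXTRACT_SECURE_SYMLINKS` flag for that case.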
Potential Impact
For European organizations, particularly Mobile Network Operators (MNOs) and telecommunications service providers using Nokia Single RAN infrastructure, this vulnerability poses a significant risk. Exploitation could allow an attacker with internal network access to manipulate critical baseband software files, potentially leading to service disruption, unauthorized configuration changes, or persistent compromise of RAN components. This could degrade network availability, impact subscriber services, and undermine the integrity of network management operations. Given the critical role of RAN in mobile communications, successful exploitation could affect large user bases and critical communications infrastructure. Additionally, unauthorized access to internal management systems could facilitate further lateral movement within operator networks, increasing the risk of broader compromise. The vulnerability's exploitation requires internal network access, which somewhat limits the attack surface but does not eliminate risk, especially considering insider threats or compromised internal systems. The absence of known exploits in the wild provides a window for proactive mitigation before active attacks emerge.
Mitigation Recommendations
European MNOs and network operators should prioritize upgrading Nokia Single RAN baseband software to release 24R1-SR 1.0 MP or later, where the vulnerability is addressed by secure libarchive API usage. Until patching is complete, operators should enforce strict network segmentation and access controls to limit access to the internal RAN management network, ensuring only authorized personnel and systems can communicate with the OAM service. Implementing robust monitoring and anomaly detection on SOAP provisioning messages can help identify suspicious activity indicative of exploitation attempts. Operators should also conduct thorough audits of existing configurations and file system integrity within affected systems to detect any unauthorized changes. Employing multi-factor authentication and strict role-based access control (RBAC) for management interfaces reduces the risk of insider threats exploiting this vulnerability. Finally, operators should maintain up-to-date incident response plans tailored to telecommunications infrastructure to rapidly address any exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: Nokia
- Date Reserved: 2025-01-20T05:33:25.523Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6864f0416f40f0eb729218a6
Added to database: 7/2/2025, 8:39:29 AM
Last enriched: 7/2/2025, 8:55:53 AM
Last updated: 7/6/2025, 2:41:27 PM