CVE-2025-24329 is a vulnerability identified in Nokia Single RAN baseband software versions prior to 24R1-SR 1.0 MP. The issue arises from a path traversal vulnerability triggered by sending a crafted SOAP 'provision' operation message containing a specially manipulated archive field within the Mobile Network Operator's internal Radio Access Network (RAN) management network. This crafted message exploits insufficient validation or sanitization of archive paths, allowing an attacker to traverse directories and potentially access or overwrite files outside the intended directory scope. The vulnerability specifically affects the OAM (Operations, Administration, and Maintenance) service software component of Nokia Single RAN. Starting with release 24R1-SR 1.0 MP, Nokia mitigated this vulnerability by integrating libarchive APIs with security options enabled, which enforce stricter path validation and prevent path traversal attacks. The vulnerability does not require external network access as it targets the internal MNO RAN management network, implying that an attacker would need access to this internal network segment or compromise a device within it to exploit the flaw. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability's root cause is a classic path traversal flaw in the handling of archive files within SOAP provisioning messages, which could lead to unauthorized file system access or modification, potentially impacting system integrity and availability of the affected baseband software components.

For European organizations, particularly Mobile Network Operators (MNOs) and telecommunications service providers using Nokia Single RAN infrastructure, this vulnerability poses a significant risk. Exploitation could allow an attacker with internal network access to manipulate critical baseband software files, potentially leading to service disruption, unauthorized configuration changes, or persistent compromise of RAN components. This could degrade network availability, impact subscriber services, and undermine the integrity of network management operations. Given the critical role of RAN in mobile communications, successful exploitation could affect large user bases and critical communications infrastructure. Additionally, unauthorized access to internal management systems could facilitate further lateral movement within operator networks, increasing the risk of broader compromise. The vulnerability's exploitation requires internal network access, which somewhat limits the attack surface but does not eliminate risk, especially considering insider threats or compromised internal systems. The absence of known exploits in the wild provides a window for proactive mitigation before active attacks emerge.

European MNOs and network operators should prioritize upgrading Nokia Single RAN baseband software to release 24R1-SR 1.0 MP or later, where the vulnerability is addressed by secure libarchive API usage. Until patching is complete, operators should enforce strict network segmentation and access controls to limit access to the internal RAN management network, ensuring only authorized personnel and systems can communicate with the OAM service. Implementing robust monitoring and anomaly detection on SOAP provisioning messages can help identify suspicious activity indicative of exploitation attempts. Operators should also conduct thorough audits of existing configurations and file system integrity within affected systems to detect any unauthorized changes. Employing multi-factor authentication and strict role-based access control (RBAC) for management interfaces reduces the risk of insider threats exploiting this vulnerability. Finally, operators should maintain up-to-date incident response plans tailored to telecommunications infrastructure to rapidly address any exploitation attempts.