CVE-2025-24330 is a vulnerability identified in Nokia Single RAN baseband software versions prior to 24R1-SR 1.0 MP. The issue arises from improper input validation of the PlanId field within a crafted SOAP 'provision' operation message sent over the Mobile Network Operator's internal Radio Access Network (RAN) management network. Specifically, this vulnerability allows a path traversal attack, where an attacker can manipulate the PlanId field to traverse directories on the underlying file system. This can potentially lead to unauthorized access or modification of files outside the intended directory scope. The vulnerability is rooted in the OAM (Operations, Administration, and Maintenance) service software's failure to properly validate input parameters before processing them. Starting with release 24R1-SR 1.0 MP, Nokia has implemented input validation on the PlanId field to mitigate this path traversal issue. The vulnerability affects all releases prior to this patched version. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability is exploitable within the MNO internal RAN management network, implying that an attacker would require access to this internal network segment to exploit the flaw. The path traversal could allow attackers to access sensitive configuration files or system components, potentially leading to further compromise of the RAN infrastructure or disruption of network services.

For European organizations, particularly Mobile Network Operators and telecommunications providers using Nokia Single RAN infrastructure, this vulnerability poses a significant risk. Exploitation could lead to unauthorized access to critical RAN management files, potentially enabling attackers to alter network configurations, disrupt service availability, or gain footholds for further lateral movement within the operator's network. Given the critical role of RAN in mobile communications, any disruption or compromise could impact service continuity, affecting millions of subscribers and critical communications services. Additionally, unauthorized access to configuration files could expose sensitive operational data, impacting confidentiality and integrity. The internal nature of the attack vector limits exposure to insiders or attackers who have already breached perimeter defenses, but the potential impact on network stability and security remains high. This could also have regulatory implications under European data protection and telecommunications regulations if service disruptions or data breaches occur.

To mitigate this vulnerability, European MNOs and network operators should prioritize upgrading Nokia Single RAN baseband software to release 24R1-SR 1.0 MP or later, where the input validation for the PlanId field is implemented. Until the upgrade is applied, operators should enforce strict network segmentation and access controls to limit access to the internal RAN management network, ensuring only authorized personnel and systems can communicate with the OAM service. Implementing robust monitoring and anomaly detection on SOAP provisioning messages can help identify suspicious or malformed requests indicative of exploitation attempts. Additionally, operators should conduct regular audits of file system integrity and access logs on RAN management systems to detect unauthorized access or modifications. Employing multi-factor authentication and strong credential management for accessing the RAN management network further reduces the risk of unauthorized exploitation. Finally, operators should engage with Nokia support for any available patches, workarounds, or additional guidance specific to their deployment.