CVE-2025-24331: Vulnerability in Nokia Single RAN

Medium
Published: Wed Jul 02 2025 (07/02/2025, 08:30:19 UTC)
Source: CVE Database V5
Vendor/Project: Nokia
Product: Nokia Single RAN

Description

The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later. Beginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary.

AI-Powered Analysis

Last updated: 07/02/2025, 08:55:25 UTC

Technical Analysis

CVE-2025-24331 is a privilege escalation vulnerability found in Nokia's Single RAN baseband OAM (Operations, Administration, and Maintenance) service. The OAM service is designed to run as an unprivileged process to limit its access and reduce security risks. However, during its startup sequence, it initially runs with root privileges and assigns certain Linux capabilities before dropping to a lower privilege level. The problem arises because the capabilities retained after the privilege drop remain extensive and allow the service to perform actions beyond its intended scope. Specifically, these capabilities could enable an attacker who gains control of the OAM service to escalate privileges to root, access and modify root-owned files, and then restore their ownership to root, effectively bypassing intended security boundaries. This vulnerability affects all Nokia Single RAN releases prior to version 24R1-SR 0.2 MP, where the issue has been addressed by restricting the OAM service capabilities to the minimum necessary. No known exploits are currently reported in the wild, and no CVSS score has been assigned yet. The vulnerability stems from improper capability management during privilege dropping, a common security pitfall in service design that can lead to unauthorized root access if exploited.

Potential Impact

For European organizations, especially telecom operators and infrastructure providers using Nokia Single RAN equipment, this vulnerability poses a significant risk. Exploitation could allow attackers to gain root-level control over baseband equipment, which is critical for managing radio access networks. This could lead to unauthorized configuration changes, interception or disruption of mobile communications, and potential service outages affecting large user bases. Confidentiality of subscriber data and integrity of network operations could be compromised. Given the critical role of Single RAN in mobile network infrastructure, successful exploitation could impact availability and trust in telecom services. The risk is heightened in environments where network management interfaces are exposed or insufficiently segmented. Although no exploits are known in the wild, the potential impact on national communications infrastructure and critical services makes this a high-priority issue for European telecom operators.

Mitigation Recommendations

Organizations should immediately verify the Nokia Single RAN software version in use and plan to upgrade to version 24R1-SR 0.2 MP or later, where the vulnerability is fixed by minimizing the capabilities retained after privilege dropping. Until the upgrade is applied, network administrators should restrict access to the OAM service interfaces through network segmentation, firewall rules, and strict access controls to limit exposure to potentially malicious actors. Monitoring and logging of OAM service activities should be enhanced to detect unusual behavior indicative of exploitation attempts. Additionally, applying host-based security controls such as SELinux or AppArmor profiles tailored to the OAM service can help enforce least privilege and contain potential misuse. Regular audits of capability assignments and privilege dropping mechanisms in network management software are recommended to prevent similar issues. Finally, coordinate with Nokia support for any interim patches or recommended configuration changes.
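
The capability audit recommended above can be scripted on any Linux host by decoding the capability masks in /proc/<pid>/status. The following is an added example, not Nokia's code or part of the original advisory; the choice of "risky" capabilities is an assumption mapped from the actions the description lists (gaining root, reading root-owned files, changing file ownership), and the process name in the sample is hypothetical.

```python
import glob

# Bit numbers from <linux/capability.h>. Treating these as "risky" is an
# assumption of this example; the advisory does not list the retained set.
RISKY_CAPS = {
    0: "CAP_CHOWN",            # change file ownership (e.g. back to root)
    1: "CAP_DAC_OVERRIDE",     # bypass file permission checks
    2: "CAP_DAC_READ_SEARCH",  # read any file, search any directory
    3: "CAP_FOWNER",           # act as owner of any file
    6: "CAP_SETGID",           # switch to any GID
    7: "CAP_SETUID",           # switch to any UID, including 0
    8: "CAP_SETPCAP",          # adjust bounding/inheritable sets
    21: "CAP_SYS_ADMIN",       # broad administrative operations
}
# Permitted and ambient count as well as effective: the process can raise
# a permitted capability back into its effective set on its own.
CAP_SETS = ("CapPrm", "CapEff", "CapAmb")

# Constructed sample (hypothetical process name), not output from a real unit.
SAMPLE_STATUS = (
    "Name:\toam_example\nUid:\t1001\t1001\t1001\t1001\n"
    "CapPrm:\t00000000000004cb\nCapEff:\t0000000000000400\n"
)

def audit_status(text):
    """Return {set_name: [risky capability names]} for one status file."""
    pairs = (line.partition(":") for line in text.splitlines())
    fields = {key.strip(): value.strip() for key, _, value in pairs}
    uids = fields.get("Uid", "").split()  # real, effective, saved, fs
    if len(uids) < 2 or uids[1] == "0":
        return {}  # unparsable, or still root where capabilities are expected
    findings = {}
    for cap_set in CAP_SETS:
        mask = int(fields.get(cap_set, "0"), 16)
        held = [n for bit, n in sorted(RISKY_CAPS.items()) if mask >> bit & 1]
        if held:
            findings[cap_set] = held
    return findings

def scan_proc(pattern="/proc/[0-9]*/status"):
    """Audit every live process; returns {status_path: findings}."""
    results = {}
    for path in glob.glob(pattern):
        try:
            with open(path, errors="replace") as fh:
                results[path] = audit_status(fh.read())
        except OSError:
            continue  # process exited between listing and reading
    return {p: f for p, f in results.items() if f}
```

In the sample, the effective set looks harmless (only bit 10, CAP_NET_BIND_SERVICE), but the permitted set still carries five of the flagged capabilities, which is why the audit checks all three sets.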

Technical Details

Data Version: 5.1
Assigner Short Name: Nokia
Date Reserved: 2025-01-20T05:33:25.523Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6864f0416f40f0eb729218ac

Added to database: 7/2/2025, 8:39:29 AM

Last enriched: 7/2/2025, 8:55:25 AM

Last updated: 7/7/2025, 9:27:55 PM
