CVE-2025-24333: Vulnerability in Nokia Single RAN
Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains an administrative shell input validation fault, which an authenticated admin user can, in theory, potentially use to inject arbitrary commands for execution by the unprivileged baseband OAM service process via special characters added to the baseband internal COMA_config.xml file. This issue has been corrected in release 24R1-SR 1.0 MP and later by adding proper input validation to the OAM service process, which prevents injecting special characters via the baseband internal COMA_config.xml file.
AI Analysis
Technical Summary
CVE-2025-24333 is a vulnerability identified in Nokia Single RAN baseband software versions prior to 24R1-SR 1.0 MP. The flaw stems from insufficient input validation in the administrative shell interface, specifically related to the handling of the baseband internal COMA_config.xml file. An authenticated administrative user can exploit this vulnerability by injecting special characters into this configuration file, which leads to the execution of arbitrary commands within the context of the unprivileged baseband Operations, Administration, and Maintenance (OAM) service process. This could allow an attacker with administrative credentials to escalate privileges or execute unauthorized commands on the baseband system, potentially compromising the integrity and availability of the radio access network components managed by Nokia Single RAN. The vulnerability has been addressed starting with release 24R1-SR 1.0 MP by implementing proper input validation to prevent injection of special characters, thereby mitigating the risk of command injection attacks via the COMA_config.xml file. No known exploits are currently reported in the wild, and the vulnerability requires authenticated access, limiting the attack surface to authorized personnel or compromised admin accounts.
Potential Impact
For European organizations, particularly telecommunications providers and network operators utilizing Nokia Single RAN infrastructure, this vulnerability poses a significant risk. Exploitation could lead to unauthorized command execution on critical baseband components, potentially disrupting mobile network services, degrading network performance, or enabling further lateral movement within the network. The integrity of network management operations could be compromised, affecting service reliability and availability. Given the essential role of mobile networks in business, emergency services, and governmental communications, any disruption could have wide-reaching consequences. Additionally, unauthorized access to baseband systems could facilitate espionage or sabotage activities, which is a critical concern in the European context where telecom infrastructure is considered critical national infrastructure. The requirement for authenticated access reduces the likelihood of external attackers exploiting this vulnerability directly; however, insider threats or compromised administrative credentials remain a significant risk vector.
Mitigation Recommendations
European organizations should prioritize upgrading Nokia Single RAN baseband software to version 24R1-SR 1.0 MP or later, where the vulnerability has been patched. Until upgrades are completed, strict access controls must be enforced on administrative interfaces to limit the number of users with administrative privileges. Implement multi-factor authentication (MFA) for all administrative accounts to reduce the risk of credential compromise. Regularly audit and monitor administrative activities and configuration file changes, especially modifications to COMA_config.xml, to detect any anomalous behavior indicative of exploitation attempts. Network segmentation should be applied to isolate baseband management interfaces from general network access, minimizing exposure. Additionally, organizations should conduct thorough credential hygiene practices, including periodic password changes and monitoring for leaked credentials. Incident response plans should be updated to include scenarios involving baseband system compromise to ensure rapid containment and remediation.
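As an added example (not Nokia's code and not part of the original advisory), the following sketch shows one way to audit an XML configuration file for values containing shell metacharacters, in support of the monitoring recommendation above. The element and attribute names, the sample file, and the exact metacharacter set are assumptions, since the page does not describe the layout of COMA_config.xml or which characters the fix rejects.

```python
import re
import xml.etree.ElementTree as ET

# Characters a POSIX shell treats specially. The page only says "special
# characters", so this exact set is an assumption of the example.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r'\"!*?]")

# Constructed sample: element and attribute names are hypothetical and do not
# reflect the real layout of COMA_config.xml, which the page does not describe.
SAMPLE_XML = """<config>
  <service name="oam">
    <param key="logDir">/var/log/oam</param>
    <param key="traceTarget">10.0.0.5; echo test</param>
  </service>
  <service name="sync`id`">
    <param key="interval">30</param>
  </service>
</config>"""


def find_suspicious_values(xml_text):
    """Return (path, field, value) for each value holding a shell metacharacter."""
    root = ET.fromstring(xml_text)
    findings = []

    def walk(elem, path):
        here = f"{path}/{elem.tag}"
        # Attribute values can reach a command line just as element text can.
        for attr, value in elem.attrib.items():
            if SHELL_META.search(value):
                findings.append((here, f"@{attr}", value))
        # Strip layout whitespace so indentation newlines are not reported.
        text = (elem.text or "").strip()
        if text and SHELL_META.search(text):
            findings.append((here, "text", text))
        for child in elem:
            walk(child, here)

    walk(root, "")
    return findings


if __name__ == "__main__":
    for path, field, value in find_suspicious_values(SAMPLE_XML):
        print(f"{path} {field}: {value!r}")
```

Running the same check on each captured revision of the file and alerting on any new finding turns it into a change-monitoring control.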
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Nokia
- Date Reserved: 2025-01-20T05:33:25.524Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 6864f0416f40f0eb729218b2
Added to database: 7/2/2025, 8:39:29 AM
Last enriched: 7/2/2025, 8:54:59 AM
Last updated: 7/5/2025, 12:17:28 AM