CVE-2025-24333 is a vulnerability identified in Nokia Single RAN baseband software versions prior to 24R1-SR 1.0 MP. The flaw stems from insufficient input validation in the administrative shell interface, specifically related to the handling of the baseband internal COMA_config.xml file. An authenticated administrative user can exploit this vulnerability by injecting special characters into this configuration file, which leads to the execution of arbitrary commands within the context of the unprivileged baseband Operations, Administration, and Maintenance (OAM) service process. This could allow an attacker with administrative credentials to escalate privileges or execute unauthorized commands on the baseband system, potentially compromising the integrity and availability of the radio access network components managed by Nokia Single RAN. The vulnerability has been addressed starting with release 24R1-SR 1.0 MP by implementing proper input validation to prevent injection of special characters, thereby mitigating the risk of command injection attacks via the COMA_config.xml file. No known exploits are currently reported in the wild, and the vulnerability requires authenticated access, limiting the attack surface to authorized personnel or compromised admin accounts.

For European organizations, particularly telecommunications providers and network operators utilizing Nokia Single RAN infrastructure, this vulnerability poses a significant risk. Exploitation could lead to unauthorized command execution on critical baseband components, potentially disrupting mobile network services, degrading network performance, or enabling further lateral movement within the network. The integrity of network management operations could be compromised, affecting service reliability and availability. Given the essential role of mobile networks in business, emergency services, and governmental communications, any disruption could have wide-reaching consequences. Additionally, unauthorized access to baseband systems could facilitate espionage or sabotage activities, which is a critical concern in the European context where telecom infrastructure is considered critical national infrastructure. The requirement for authenticated access reduces the likelihood of external attackers exploiting this vulnerability directly; however, insider threats or compromised administrative credentials remain a significant risk vector.

European organizations should prioritize upgrading Nokia Single RAN baseband software to version 24R1-SR 1.0 MP or later, where the vulnerability has been patched. Until upgrades are completed, strict access controls must be enforced on administrative interfaces to limit the number of users with administrative privileges. Implement multi-factor authentication (MFA) for all administrative accounts to reduce the risk of credential compromise. Regularly audit and monitor administrative activities and configuration file changes, especially modifications to COMA_config.xml, to detect any anomalous behavior indicative of exploitation attempts. Network segmentation should be applied to isolate baseband management interfaces from general network access, minimizing exposure. Additionally, organizations should conduct thorough credential hygiene practices, including periodic password changes and monitoring for leaked credentials. Incident response plans should be updated to include scenarios involving baseband system compromise to ensure rapid containment and remediation.