CVE-2025-24334: Vulnerability in Nokia Single RAN
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network.
AI Analysis
Technical Summary
CVE-2025-24334 is a vulnerability in Nokia's Single RAN baseband software versions prior to 23R2-SR 1.0 MP. It allows an attacker to obtain the exact software release version of the affected baseband by sending a specially crafted HTTP POST request through the Mobile Network Operator's (MNO) internal Radio Access Network (RAN) management network. Disclosure of the software version aids reconnaissance: it lets an attacker tailor subsequent attacks or select other vulnerabilities specific to that release. Exploitation requires access to the internal RAN management network, which is typically restricted and not exposed to the public internet, and this limits the attack surface. No known exploits are currently reported in the wild, and no CVSS score has been assigned to this vulnerability. Whether authentication or user interaction is required is not explicitly stated, but because the HTTP POST request must be sent within the internal network, the attacker must have some level of network access or insider capability. While the vulnerability itself does not directly compromise confidentiality, integrity, or availability, it can be leveraged as part of a larger attack chain by providing critical information about the network infrastructure. This vulnerability highlights the importance of securing internal management networks and limiting access to sensitive network components.
Potential Impact
For European organizations, particularly Mobile Network Operators (MNOs) and telecommunications providers using Nokia Single RAN baseband equipment, this vulnerability could facilitate targeted reconnaissance by threat actors. By revealing precise software versions, attackers can identify unpatched or outdated systems and plan more effective attacks, potentially leading to service disruptions or data breaches if combined with other exploits. Although the vulnerability itself does not directly cause service degradation or data leakage, it increases the risk profile of the affected networks. Given the critical role of RAN infrastructure in mobile communications, any compromise or exploitation stemming from this vulnerability could impact network reliability and customer trust. Additionally, European telecom providers are subject to stringent regulatory requirements (e.g., GDPR, NIS Directive) that mandate robust security controls; thus, even indirect vulnerabilities like this one can have compliance implications. The threat is more significant in environments where internal network segmentation or access controls are weak, increasing the likelihood of unauthorized access to the RAN management network.
Mitigation Recommendations
To mitigate this vulnerability, European MNOs and telecom operators should implement strict access controls and network segmentation so that the RAN management network is isolated from general corporate and public networks. Strong authentication mechanisms and monitoring for unusual HTTP POST requests within the internal network can help detect and prevent exploitation attempts. Operators should prioritize upgrading Nokia Single RAN baseband software to version 23R2-SR 1.0 MP or later, where this vulnerability is addressed. In the absence of an official patch, compensating controls are recommended: limit administrative access to trusted personnel, use VPNs with multi-factor authentication for remote access, and conduct regular security audits of the RAN management infrastructure. Additionally, intrusion detection systems (IDS) tailored to recognize anomalous management traffic patterns can provide early warning of reconnaissance activity. Maintaining an up-to-date asset inventory and vulnerability management program will also aid in timely identification and remediation of such issues.
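One way to monitor for unusual HTTP POST requests on the RAN management network, as an added example that is not part of the original advisory or any Nokia tooling. The subnet, the approved source, the thresholds, the log format and the `/mgmt` path are all hypothetical placeholders, and the log lines are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical site values (assumptions, not from the advisory).
BASEBAND_MGMT_NET = ipaddress.ip_network("10.20.0.0/24")
APPROVED_SOURCES = {ipaddress.ip_address("10.10.0.5")}  # element manager
SWEEP_THRESHOLD = 3                  # distinct basebands hit by one source
SWEEP_WINDOW = timedelta(minutes=5)

# Constructed sample in an assumed format: "<ISO time> <src> <dst> <method> <path>"
SAMPLE_LOG = """\
2025-07-02T08:00:01 10.10.0.5 10.20.0.11 POST /mgmt
2025-07-02T08:00:05 10.30.4.17 10.20.0.11 POST /mgmt
2025-07-02T08:00:09 10.30.4.17 10.20.0.12 POST /mgmt
2025-07-02T08:00:14 10.30.4.17 10.20.0.13 POST /mgmt
2025-07-02T08:01:00 10.30.4.18 10.20.0.11 GET /mgmt
2025-07-02T09:30:00 10.30.4.19 10.20.0.14 POST /mgmt
"""

def parse(line):
    ts, src, dst, method, path = line.split()
    return (datetime.fromisoformat(ts), ipaddress.ip_address(src),
            ipaddress.ip_address(dst), method, path)

def find_alerts(log_text):
    """Return (unapproved_posts, sweeping_sources) for baseband-bound POSTs."""
    unapproved = []
    by_src = defaultdict(list)       # source -> [(time, destination)]
    for line in filter(str.strip, log_text.splitlines()):
        ts, src, dst, method, _ = parse(line)
        # Only POSTs to basebands from hosts outside the allowlist matter here.
        if method != "POST" or dst not in BASEBAND_MGMT_NET or src in APPROVED_SOURCES:
            continue
        unapproved.append((ts, str(src), str(dst)))
        by_src[str(src)].append((ts, str(dst)))
    sweepers = set()
    for src, hits in by_src.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            # Distinct basebands this source reached within one window.
            targets = {d for t, d in hits[i:] if t - start <= SWEEP_WINDOW}
            if len(targets) >= SWEEP_THRESHOLD:
                sweepers.add(src)    # one host probing many basebands
                break
    return unapproved, sorted(sweepers)

if __name__ == "__main__":
    print(find_alerts(SAMPLE_LOG))
```

Each unapproved POST is worth an alert on its own because it also indicates a segmentation gap; the sweep list separates a host enumerating many basebands from a single stray request.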
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Nokia
- Date Reserved: 2025-01-20T05:33:25.524Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6864f0416f40f0eb729218b5
Added to database: 7/2/2025, 8:39:29 AM
Last enriched: 7/2/2025, 8:54:47 AM
Last updated: 7/3/2025, 6:45:54 PM