CVE-2025-24328

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-24328
Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later. The OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service.

4.2 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24328/
Configurations

No configuration.

History

02 Jul 2025, 14:15

Type Values Removed Values Added
CWE CWE-121
Summary
  • (es) El envío de un mensaje de operación SOAP "set" manipulado dentro de la red de gestión de la Red de Acceso Radio (RAN) interna del Operador de Red Móvil (MNO) puede provocar el reinicio del componente del servicio OAM de banda base de Nokia Single RAN con versiones de software anteriores a la versión 24R1-SR 1.0 MP. Este problema se ha corregido para la versión 24R1-SR 1.0 MP y posteriores. El componente del servicio OAM se reinicia automáticamente tras el desbordamiento de pila sin provocar el reinicio de la estación base ni la degradación del servicio de red, ni un impacto permanente en el servicio OAM de banda base de Nokia Single RAN.
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 4.2

02 Jul 2025, 08:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-07-02 08:15

Updated : 2025-07-03 15:13

NVD link : CVE-2025-24328

Mitre link : CVE-2025-24328

CVE.ORG link : CVE-2025-24328

JSON object : View

Products Affected

No product.

CWE
CWE-121

Stack-based Buffer Overflow