CVE-2025-24328

Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later. The OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service.

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24328/

Configurations

No configuration.

History

03 Jul 2025, 15:13

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-02 08:15

Updated : 2025-07-03 15:13

NVD link : CVE-2025-24328

Mitre link : CVE-2025-24328

CVE.ORG link : CVE-2025-24328

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2025-24328", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 0.5}]}, "published": "2025-07-02T08:15:21.477", "references": [{"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24328/", "source": "b48c3b8f-639e-4c16-8725-497bc411dad0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "Sending a crafted SOAP \"set\" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.\n\nThe OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service."}, {"lang": "es", "value": "El env\u00edo de un mensaje de operaci\u00f3n SOAP \"set\" manipulado dentro de la red de gesti\u00f3n de la Red de Acceso Radio (RAN) interna del Operador de Red M\u00f3vil (MNO) puede provocar el reinicio del componente del servicio OAM de banda base de Nokia Single RAN con versiones de software anteriores a la versi\u00f3n 24R1-SR 1.0 MP. Este problema se ha corregido para la versi\u00f3n 24R1-SR 1.0 MP y posteriores. El componente del servicio OAM se reinicia autom\u00e1ticamente tras el desbordamiento de pila sin provocar el reinicio de la estaci\u00f3n base ni la degradaci\u00f3n del servicio de red, ni un impacto permanente en el servicio OAM de banda base de Nokia Single RAN."}], "lastModified": "2025-07-03T15:13:53.147", "sourceIdentifier": "b48c3b8f-639e-4c16-8725-497bc411dad0"}