CVE-2025-24335

02.07.2025, 09:15

Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service.

No practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	2 LOW	ADJACENT_NETWORK	HIGH	HIGH	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
Nokia	CNA	---				---
CISA-ADP	ADP	2 LOW	ADJACENT_NETWORK	HIGH	HIGH	CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Common Weakness Enumeration

CWE-1287 - Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

References

https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24335/