CVE-2025-24328

MEDIUM

Nokia Single RAN <24R1-SR 1.0 MP - Buffer Overflow

Title source: llm

Description

Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later. The OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service.

References (1)

Core 1

Core References

Various Sources

https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24328/

Scores

CVSS v3 4.2

EPSS 0.0017

EPSS Percentile 6.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-121

Status published

Products (1)

Nokia/Nokia Single RAN All releases prior to 24R1-SR 1.0 MP are affected.

Published Jul 02, 2025

Tracked Since Feb 18, 2026