CVE-2025-24335

LOW

Nokia Single RAN <24R1-SR 2.1 MP - DoS

Title source: llm

Description

Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue.

References (1)

[Various Sources] https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24335/

Scores

CVSS v3 2.0

EPSS 0.0009

EPSS Percentile 24.9%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1287

Status published

Products (2)

Nokia/Nokia Single RAN 24R1-SR 2.1 MP and later

Nokia/Nokia Single RAN All the releases prior to 24R1-SR 2.1 MP

Published Jul 02, 2025

Tracked Since Feb 18, 2026