CVE-2025-24335

LOW

Nokia Single RAN <24R1-SR 2.1 MP - DoS

Title source: llm

Description

Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service. No practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue.

References (1)

[Various Sources] https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24335/

Scores

CVSS v3 2.0

EPSS 0.0003

EPSS Percentile 7.1%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-1287

Status draft

Timeline

Published Jul 02, 2025

Tracked Since Feb 18, 2026