CVE-2025-24328
📋 TL;DR
A stack overflow vulnerability in Nokia Single RAN baseband OAM service allows attackers to cause service restarts by sending crafted SOAP messages. This affects Mobile Network Operator internal RAN management networks running software versions earlier than 24R1-SR 1.0 MP. The service automatically restarts without permanent damage or network disruption.
💻 Affected Systems
- Nokia Single RAN baseband OAM service
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Repeated exploitation could cause service availability issues through denial-of-service, potentially disrupting RAN management operations.
Likely Case
Temporary OAM service restart with automatic recovery, causing brief management interruption but no network service degradation.
If Mitigated
Minimal impact with proper network segmentation and access controls limiting SOAP message sources.
🎯 Exploit Status
Exploitation requires network access to the OAM service interface and knowledge of SOAP protocol.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 24R1-SR 1.0 MP and later
Vendor Advisory: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24328/
Restart Required: Yes
Instructions:
1. Download update from Nokia support portal. 2. Apply patch following Nokia Single RAN upgrade procedures. 3. Verify service is running version 24R1-SR 1.0 MP or later.
🔧 Temporary Workarounds
Network segmentation and access control
allRestrict access to OAM service SOAP interface to only authorized management systems
SOAP message filtering
allImplement network filtering or WAF rules to block malformed SOAP messages
🧯 If You Can't Patch
- Implement strict network access controls to limit which systems can send SOAP messages to the OAM service
- Monitor for unusual SOAP traffic patterns and OAM service restart events
🔍 How to Verify
Check if Vulnerable:
Check software version via Nokia Single RAN management interface or CLI commandsCheck Version:
Use Nokia-specific CLI commands for Single RAN version checking (vendor-specific)Verify Fix Applied:
Confirm version is 24R1-SR 1.0 MP or later and monitor for OAM service stability📡 Detection & Monitoring
Log Indicators:
- OAM service restart events
- Stack overflow errors in system logs
- Unusual SOAP message patterns
Network Indicators:
- Abnormal SOAP traffic to OAM service port
- Repeated connection attempts to OAM service
SIEM Query:
source="nokia-oam" AND (event_type="service_restart" OR error="stack_overflow")