CVE-2025-24330

6.4 MEDIUM

📋 TL;DR

A path traversal vulnerability in Nokia Single RAN baseband software allows attackers to access unauthorized files or directories by sending crafted SOAP messages with malicious PlanId fields. This affects Mobile Network Operator internal RAN management networks running versions earlier than 24R1-SR 1.0 MP. The vulnerability requires network access to the OAM service interface.

💻 Affected Systems

Products:
  • Nokia Single RAN baseband software
Versions: All versions earlier than release 24R1-SR 1.0 MP
Operating Systems: Not specified - embedded telecom system
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Mobile Network Operator internal Radio Access Network management networks where the OAM service is accessible.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthorized access to sensitive configuration files, system files, or credentials stored on the baseband unit, potentially leading to network disruption or lateral movement within the RAN management network.

🟠 Likely Case

Information disclosure of configuration files or limited file system access within the baseband software's context, potentially exposing network configuration details.

🟢 If Mitigated

No impact if proper input validation is implemented (as in patched versions) or if network segmentation prevents access to the vulnerable interface.

🌐 Internet-Facing: LOW - The vulnerability affects internal RAN management networks, not typically exposed to the internet.
🏢 Internal Only: HIGH - Attackers with internal network access to the OAM service interface can exploit this vulnerability to access sensitive files on baseband units.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting SOAP messages with path traversal sequences in the PlanId field and sending them to the OAM service interface. No authentication appears to be required based on the description.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24R1-SR 1.0 MP and later

Vendor Advisory: https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24330/

Restart Required: Yes

Instructions:

  1. Contact Nokia support for the 24R1-SR 1.0 MP software update.
  2. Schedule maintenance window.
  3. Apply the update to all affected baseband units.
  4. Restart the baseband software/services.
  5. Verify the update was successful.

🔧 Temporary Workarounds

Network segmentation

all

Restrict access to the OAM service interface to only authorized management systems using firewall rules or network segmentation.

SOAP message filtering

all

Implement network-level filtering or WAF rules to block SOAP messages containing path traversal sequences in PlanId fields.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate RAN management networks from other internal networks
  • Deploy intrusion detection systems to monitor for SOAP messages with suspicious PlanId patterns

🔍 How to Verify

Check if Vulnerable:

Check the baseband software version. If it is earlier than 24R1-SR 1.0 MP, the system is vulnerable. Also check whether the OAM service is reachable on the network.

Check Version:

Specific command varies by Nokia Single RAN implementation - consult Nokia documentation or use the system's CLI/management interface version check

Verify Fix Applied:

Verify the software version is 24R1-SR 1.0 MP or later using the system's version command or management interface.

📡 Detection & Monitoring

Log Indicators:

  • SOAP provision operation messages with unusual PlanId values
  • File access errors or unauthorized file access attempts in system logs
  • OAM service error messages related to PlanId processing

Network Indicators:

  • SOAP messages to OAM service containing '../' sequences or other path traversal patterns in PlanId field
  • Unusual file access patterns from baseband units

SIEM Query:

source="oam_service" AND (message="*provision*" AND (PlanId="*../*" OR PlanId="*..\\*" OR PlanId="*%2e%2e%2f*"))
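
Added example (not from Nokia or the original page): a Python check for the network indicator above that percent-decodes each PlanId before matching, so encoded forms the literal patterns in the SIEM query do not list are flagged as well. The envelope layout, the "ex" namespace and all sample values are constructed assumptions; only the PlanId field name and the provision operation come from the page.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# A ".." path segment: bounded by start/end of string or a slash/backslash.
DOTDOT_SEGMENT = re.compile(r"(^|[\\/])\.\.([\\/]|$)")

def normalize(value, max_rounds=3):
    """Percent-decode repeatedly so nested encodings collapse to plain text."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_plan_ids(soap_bytes):
    """Return (raw, normalized) for each PlanId holding a traversal segment.

    Raises xml.etree.ElementTree.ParseError on malformed XML; treat that as
    its own alert rather than silently passing the message.
    """
    hits = []
    for elem in ET.fromstring(soap_bytes).iter():
        # Match on the local name only; the real namespace is not on the page.
        if elem.tag.rsplit("}", 1)[-1] == "PlanId":
            raw = (elem.text or "").strip()
            plain = normalize(raw)
            if DOTDOT_SEGMENT.search(plain):
                hits.append((raw, plain))
    return hits

# Constructed test data: envelope layout, "ex" namespace and values are hypothetical.
ENVELOPE = (
    '<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" '
    'xmlns:ex="urn:example:oam"><soapenv:Body><ex:provision>'
    '<ex:PlanId>{}</ex:PlanId></ex:provision></soapenv:Body></soapenv:Envelope>'
)
SAMPLES = {
    "benign": "plan_2025_01",
    "dots inside a name": "plan..v2",
    "literal": "../../example",
    "backslash": "..\\example",
    "mixed-case encoding": "%2E%2e%2Fexample",
    "double encoding": "%252e%252e%252fexample",
}

if __name__ == "__main__":
    for label, plan_id in SAMPLES.items():
        hits = suspicious_plan_ids(ENVELOPE.format(plan_id).encode())
        print(f"{label:22} {'ALERT' if hits else 'ok'}")
```

Matching on a whole ".." segment rather than the substring keeps identifiers such as "plan..v2" from raising false alerts.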
