← volver
CVE-2025-24330

OAM service path traversal issue caused by a crafted SOAP message PlanId field within the RAN management network

CVSS 6.4 MEDIUMEPSS 0.2%CWE-22
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.4EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
02 jul 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later. Beginning with release 24R1-SR 1.0 MP, the OAM service software performed PlanId field input validations mitigate the reported path traversal issue.
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Nokia · Nokia Single RAN

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24330/