CVE-2025-24328
BaseFortify
Publication date: 2025-07-02
Last updated on: 2025-07-03
Assigner: Nokia
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs when a crafted SOAP "set" operation message is sent within the Mobile Network Operator internal Radio Access Network management network. It causes the Nokia Single RAN baseband OAM service component to restart due to a stack overflow in software versions earlier than release 24R1-SR 1.0 MP. The restart happens automatically without causing a base station restart or network service degradation, and it does not leave any permanent impact on the OAM service.
How can this vulnerability impact me?
The vulnerability can cause the Nokia Single RAN baseband OAM service component to restart unexpectedly. Although this restart does not cause a base station restart or network service degradation and leaves no permanent impact, it may temporarily disrupt management operations within the Radio Access Network.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade the Nokia Single RAN baseband software to release 24R1-SR 1.0 MP or later, as the issue has been corrected in these versions.