CVE-2025-24331
BaseFortify
Publication date: 2025-07-02
Last updated on: 2025-07-03
Assigner: Nokia
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability involves the Single RAN baseband OAM service, which is supposed to run as an unprivileged service. However, it initially starts with root privileges and retains extensive capabilities even after dropping to an unprivileged level. These retained capabilities could allow the service to perform actions beyond its intended scope, such as gaining root privileges, accessing and modifying root-owned files, and then restoring their ownership to root.
How can this vulnerability impact me?
This vulnerability could allow an attacker or a malicious process to escalate privileges to root, access sensitive root-owned files, and modify them. This could lead to unauthorized control over the system, data tampering, and potential compromise of system integrity and security.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Single RAN baseband OAM service to release 24R1-SR 0.2 MP or later, where the issue has been corrected by restricting the OAM service software capabilities to the minimum necessary.
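A way to check for the condition described above, retained capabilities on a service that has already dropped to an unprivileged user, is to decode the capability masks in `/proc/<pid>/status`. This is an added example, not code from Nokia or from this page. It assumes the service runs on Linux; the process name and both status samples are constructed, and the choice of which capabilities to flag is an assumption mapped from the behaviours the description lists.

```python
# Added example: audit Linux capability sets from /proc/<pid>/status text.
# Bit numbers follow linux/capability.h. The selection below is an assumption:
# capabilities that allow regaining root or reading, modifying and re-owning
# root-owned files.
RISKY = {0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
         3: "CAP_FOWNER", 6: "CAP_SETGID", 7: "CAP_SETUID",
         8: "CAP_SETPCAP", 21: "CAP_SYS_ADMIN"}
# CapBnd is skipped: it is normally full and grants nothing by itself.
SETS = ("CapPrm", "CapEff", "CapAmb")

# Constructed samples (hypothetical process name), not taken from a real unit.
BEFORE = """Name:\toam_example
Uid:\t1001\t1001\t1001\t1001
CapInh:\t0000000000000000
CapPrm:\t00000000000000cb
CapEff:\t00000000000000cb
CapBnd:\t000001ffffffffff
CapAmb:\t0000000000000000
"""
# Same process restricted to CAP_NET_BIND_SERVICE (bit 10) only.
AFTER = BEFORE.replace("00000000000000cb", "0000000000000400")


def parse_status(text):
    """Return the 'Key: value' fields of a /proc/<pid>/status dump."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def audit(text):
    """Flag a non-root process that still holds root-equivalent capabilities."""
    f = parse_status(text)
    euid = int(f["Uid"].split()[1])  # order: real, effective, saved, fs
    findings = {}
    for cap_set in SETS:
        mask = int(f.get(cap_set, "0"), 16)
        names = [n for bit, n in sorted(RISKY.items()) if (mask >> bit) & 1]
        if names:
            findings[cap_set] = names
    return {"name": f.get("Name"), "euid": euid, "findings": findings,
            "over_privileged": euid != 0 and bool(findings)}


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(sample))
```

To audit a live process, pass the contents of its `/proc/<pid>/status` file to `audit()`.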