CVE-2025-24335
BaseFortify
Publication date: 2025-07-02
Last updated on: 2025-07-03
Assigner: Nokia
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a SOAP message input validation flaw in Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP. It could potentially be exploited to cause resource exhaustion in the Single RAN baseband OAM service by sending specially crafted SOAP requests. The flaw has been fixed in version 24R1-SR 2.1 MP by adding proper input validation.
How can this vulnerability impact me? :
If exploited, this vulnerability could lead to resource exhaustion in the Single RAN baseband OAM service, potentially causing service disruption or degraded performance. However, no practical exploit has been detected so far.
What immediate steps should I take to mitigate this vulnerability?
Upgrade the Nokia Single RAN baseband software to version 24R1-SR 2.1 MP or later, as this version includes sufficient input validation for received SOAP requests, effectively mitigating the vulnerability.