{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24328", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "state": "PUBLISHED", "assignerShortName": "Nokia", "dateReserved": "2025-01-20T05:33:25.523Z", "datePublished": "2025-07-02T07:39:30.318Z", "dateUpdated": "2025-07-02T13:45:17.927Z"}, "containers": {"cna": {"title": "OAM service stack overflow caused by crafted SOAP message within the MNO internal RAN management network", "descriptions": [{"lang": "en", "value": "Sending a crafted SOAP \"set\" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.\n\nThe OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service."}], "affected": [{"vendor": "Nokia", "product": "Nokia Single RAN", "versions": [{"version": "All releases prior to 24R1-SR 1.0 MP are affected.", "status": "affected"}]}], "references": [{"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24328/", "name": "Nokia Security Advisory"}], "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2025-07-02T07:39:30.318Z"}, "x_generator": {"engine": "cveClient/1.0.15"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-121", "lang": "en", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-02T13:41:30.635961Z", "id": "CVE-2025-24328", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-02T13:45:17.927Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-24328", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-02T13:41:30.635961Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-02T13:42:48.640Z"}}], "cna": {"title": "OAM service stack overflow caused by crafted SOAP message within the MNO internal RAN management network", "affected": [{"vendor": "Nokia", "product": "Nokia Single RAN", "versions": [{"status": "affected", "version": "All releases prior to 24R1-SR 1.0 MP are affected."}]}], "references": [{"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24328/", "name": "Nokia Security Advisory"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "Sending a crafted SOAP \"set\" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.\n\nThe OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service."}], "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2025-07-02T07:39:30.318Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24328", "state": "PUBLISHED", "dateUpdated": "2025-07-02T13:45:17.927Z", "dateReserved": "2025-01-20T05:33:25.523Z", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "datePublished": "2025-07-02T07:39:30.318Z", "assignerShortName": "Nokia"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Sending a crafted SOAP \"set\" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later.\n\nThe OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service."}, {"lang": "es", "value": "El env\u00edo de un mensaje de operaci\u00f3n SOAP \"set\" manipulado dentro de la red de gesti\u00f3n de la Red de Acceso Radio (RAN) interna del Operador de Red M\u00f3vil (MNO) puede provocar el reinicio del componente del servicio OAM de banda base de Nokia Single RAN con versiones de software anteriores a la versi\u00f3n 24R1-SR 1.0 MP. Este problema se ha corregido para la versi\u00f3n 24R1-SR 1.0 MP y posteriores. El componente del servicio OAM se reinicia autom\u00e1ticamente tras el desbordamiento de pila sin provocar el reinicio de la estaci\u00f3n base ni la degradaci\u00f3n del servicio de red, ni un impacto permanente en el servicio OAM de banda base de Nokia Single RAN."}], "id": "CVE-2025-24328", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-02T08:15:21.477", "references": [{"source": "b48c3b8f-639e-4c16-8725-497bc411dad0", "url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24328/"}], "sourceIdentifier": "b48c3b8f-639e-4c16-8725-497bc411dad0", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}