Key Information

Vulnerability Identifier
CVE ID: CVE-2025-24335

Vulnerability Description
Vulnerability Type: Denial of Service
CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CVSS Score: 2.0

Affected Scope
Affected Products and Versions: Nokia Single RAN, all versions prior to 24R1-SR 2.1 MP

Vulnerability Details
Description: Nokia Single RAN baseband software versions prior to 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which could theoretically lead to exhaustion of resources in a single RAN baseband OAM service.
Actual Impact: No actual exploitation of this vulnerability has been detected. However, the issue has been addressed starting from version 24R1-SR 2.1 MP, by implementing sufficient input validation for received SOAP requests, effectively mitigating the reported issue.
Exploitability: This vulnerability cannot be exploited from outside the Mobile Network Operator (MNO) internal architecture, such as from User Equipment (UE), roaming networks, or the internet. The reported single RAN baseband software vulnerability can only be attempted by sending malformed SOAP messages within the MNO’s internal Radio Access Network (RAN) management network.

Mitigation Measures
Fix Plan: The fix has been included starting from version 24R1-SR 2.1 MP.

Acknowledgments
Guillaume Teissier (P1 Security France)
Laurent Chigot (P1 Security France)
Radu Balaci (Bell Mobility Canada)
Maghna Patel (Bell Mobility Canada)

References
No specific references listed

Timeline
Public Disclosure Date: February 7, 2025
Last Updated Date: February 7, 2025