Vulnerability in Single RAN Baseband OAM Service by Nokia
CVE-2025-24331

6.4MEDIUM

Key Information:

Vendor: Nokia
Status: Nokia Single Ran
Vendor: CVE Published:; 2 July 2025

What is CVE-2025-24331?

The Single RAN baseband OAM service was originally designed to operate with unprivileged access; however, it erroneously launches with root privileges and retains excessive capabilities even after dropping to an unprivileged state. This oversight could permit unauthorized actions, such as gaining root access, modifying root-owned files, and potentially returning them to root ownership. This vulnerability has been mitigated in versions starting from 24R1-SR 0.2 MP, where the OAM service's capabilities are now limited to the essential minimum.

Affected Version(s)

Nokia Single RAN All the releases prior to 24R1-SR 0.2 MP

Nokia Single RAN 24R1-SR 0.2 MP and later

References

https://www.nokia.com/about-us/security-and-privacy/produ...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2025
Vulnerability Reserved
Jan 20, 2025