Information Disclosure Vulnerability in Nokia Single RAN Baseband Software
CVE-2025-24334

3.3LOW

Key Information:

Vendor: Nokia
Status: Nokia Single Ran
Vendor: CVE Published:; 2 July 2025

What is CVE-2025-24334?

The Nokia Single RAN baseband software prior to version 23R2-SR 1.0 MP is susceptible to an information disclosure vulnerability. By sending a crafted HTTP POST request through the Mobile Network Operator's internal RAN management network, an attacker can extract the specific software release version, potentially exposing the system to further attacks. Organizations using affected versions are recommended to upgrade to the latest version to mitigate this risk.

Affected Version(s)

Nokia Single RAN All the releases prior to 23R2-SR 1.0 MP

Nokia Single RAN 23R2-SR 1.0 MP and later

References

https://www.nokia.com/about-us/security-and-privacy/produ...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2025
Vulnerability Reserved
Jan 20, 2025