SOAP Message Input Validation Flaw in Nokia Single RAN Baseband Software
CVE-2025-24335

2LOW

Key Information:

Vendor: Nokia
Status: Nokia Single Ran
Vendor: CVE Published:; 2 July 2025

What is CVE-2025-24335?

Nokia Single RAN baseband software prior to version 24R1-SR 2.1 MP features a vulnerability related to inadequate input validation of SOAP messages. This flaw allows for potential resource exhaustion that could impact the normal operation of the OAM (Operations, Administration, and Maintenance) service. Although no active exploitation has been observed, Nokia has addressed this issue in version 24R1-SR 2.1 MP by implementing robust input validation procedures for SOAP requests, thereby effectively mitigating the risk associated with this vulnerability.

Affected Version(s)

Nokia Single RAN All the releases prior to 24R1-SR 2.1 MP

Nokia Single RAN 24R1-SR 2.1 MP and later

References

https://www.nokia.com/about-us/security-and-privacy/produ...

CVSS V3.1

Score:

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 2, 2025
Vulnerability Reserved
Jan 20, 2025