CVE-2025-24328
OAM service stack overflow caused by crafted SOAP message within the MNO internal RAN management network

Public disclosure

02-07-2025

Last updated

02-07-2025

Vulnerability type

Buffer Overflow

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

CVSS score

4.2

Description

Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause the Nokia Single RAN baseband OAM service component to restart on software versions earlier than release 24R1-SR 1.0 MP.

The OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service.

This vulnerability is not exploitable from outside the Mobile Network Operator (MNO) internal architecture, such as from mobile network user devices (UEs), roaming networks, or the Internet.

The OAM service stack overflow can only be triggered from within the MNO internal Radio Access Network (RAN) management network. It occurs when a crafted SOAP "set" operation that includes a malformed "primaryDocument" parameter is sent within the RAN management network, which can cause a stack overflow in the Nokia Single RAN baseband NE3S OAM service (Ne3sadapter) component in releases earlier than 24R1-SR 1.0 MP. This issue has been corrected in release 24R1-SR 1.0 MP and later.

Affected products and versions

Product: Nokia Single RAN

Versions: All releases prior to 24R1-SR 1.0 MP

Mitigation plan

The fix has been included starting from 24R1-SR 1.0 MP.

Acknowledgements

  • Guillaume Teissier (P1 Security France)
  • Laurent Ghigonis (P1 Security France)
  • Radu Balaci (Bell Mobility Canada)
  • Meghna Patel (Bell Mobility Canada)

References

Change history: Initial version published on 02-07-2025