CVE-2025-24330
OAM service path traversal issue caused by a crafted SOAP message PlanId field within the RAN management network

Public disclosure

02-07-2025

Last updated

02-07-2025

Vulnerability type

Path Traversal

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS score

6.4

Description

Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP.

The OAM service path traversal issue can only be caused from within the MNO internal Radio Access Network (RAN) management network. This can occur by sending in RAN management network a crafted SOAP "provision" operation that includes a crafted planId field. This action can cause the path traversal issue in software versions earlier than release 24R1-SR 1.0 MP.

This vulnerability is not exploitable from outside the Mobile Network Operator (MNO) internal architecture, such as from mobile network user devices (UEs), roaming networks, or the Internet. Beginning with release 24R1-SR 1.0 MP, the OAM service software performed PlanId field input validations mitigate the reported path traversal issue. 

Affected products and versions

Product

Versions

Nokia Single RAN

All releases prior to 24R1-SR 1.0 MP

Mitigation plan

The fix has been included starting from 24R1-SR 1.0 MP.

Acknowledgements

  • Guillaume Teissier (P1 Security France)
  • Laurent Ghigonis (P1 Security France) 
  • Radu Balaci (Bell Mobility Canada)
  • Meghna Patel (Bell Mobility Canada)
     

References

Change history : Initial version is published on 02-07-2025