CVE-2025-24330
OAM service path traversal issue caused by a crafted SOAP message PlanId field within the RAN management network
Public disclosure |
02-07-2025 |
|---|---|
Last updated |
02-07-2025 |
Vulnerability type |
Path Traversal |
CVSS vector |
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H |
CVSS score |
6.4 |
Description
Sending a crafted SOAP "provision" operation message PlanId field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP.
The OAM service path traversal issue can only be caused from within the MNO internal Radio Access Network (RAN) management network. This can occur by sending in RAN management network a crafted SOAP "provision" operation that includes a crafted planId field. This action can cause the path traversal issue in software versions earlier than release 24R1-SR 1.0 MP.
This vulnerability is not exploitable from outside the Mobile Network Operator (MNO) internal architecture, such as from mobile network user devices (UEs), roaming networks, or the Internet. Beginning with release 24R1-SR 1.0 MP, the OAM service software performed PlanId field input validations mitigate the reported path traversal issue.
Affected products and versions
Product |
Versions |
|---|---|
Nokia Single RAN |
All releases prior to 24R1-SR 1.0 MP |
Mitigation plan
The fix has been included starting from 24R1-SR 1.0 MP.
Acknowledgements
- Guillaume Teissier (P1 Security France)
- Laurent Ghigonis (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)
References
Change history : Initial version is published on 02-07-2025