CVE-2025-24334
The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network

Public disclosure

02-07-2025

Last updated

02-07-2025

Vulnerability type

Information Disclosure

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS score

3.3

Description

The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network.

This vulnerability is not exploitable from outside the Mobile Network Operator (MNO) internal architecture, such as from mobile network user devices (UEs), roaming networks, or the Internet.

The reported software flaw in the Single RAN baseband, which reveals the software release version, can only be misused from within the MNO internal Radio Access Network (RAN) management network by sending a specific HTTP POST request to the Single RAN baseband via the RAN management network.

No practical exploit has been detected for this flaw. However, in theory, the software release version information could be used to precisely identify (i.e., fingerprint) the targeted devices, potentially leading to more targeted attack attempts.

This issue has been corrected starting from release 23R2-SR 1.0 MP and later.

Affected products and versions

Product

Versions

Nokia Single RAN

All the releases prior to 23R2-SR 1.0 MP

Mitigation plan

The fix has been included starting from 23R2-SR 1.0 MP.

Acknowledgements

  • Guillaume Teissier (P1 Security France)
  • Laurent Ghigonis (P1 Security France) 
  • Radu Balaci (Bell Mobility Canada)
  • Meghna Patel (Bell Mobility Canada)

References

Change history : Initial version is published on 02-07-2025