CVE-2025-24334
The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network
Public disclosure |
02-07-2025 |
|---|---|
Last updated |
02-07-2025 |
Vulnerability type |
Information Disclosure |
CVSS vector |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
CVSS score |
3.3 |
Description
The Nokia Single RAN baseband software earlier than 23R2-SR 1.0 MP can be made to reveal the exact software release version by sending a specific HTTP POST request through the Mobile Network Operator (MNO) internal RAN management network.
This vulnerability is not exploitable from outside the Mobile Network Operator (MNO) internal architecture, such as from mobile network user devices (UEs), roaming networks, or the Internet.
The reported software flaw in the Single RAN baseband, which reveals the software release version, can only be misused from within the MNO internal Radio Access Network (RAN) management network by sending a specific HTTP POST request to the Single RAN baseband via the RAN management network.
No practical exploit has been detected for this flaw. However, in theory, the software release version information could be used to precisely identify (i.e., fingerprint) the targeted devices, potentially leading to more targeted attack attempts.
This issue has been corrected starting from release 23R2-SR 1.0 MP and later.
Affected products and versions
Product |
Versions |
|---|---|
Nokia Single RAN |
All the releases prior to 23R2-SR 1.0 MP |
Mitigation plan
The fix has been included starting from 23R2-SR 1.0 MP.
Acknowledgements
- Guillaume Teissier (P1 Security France)
- Laurent Ghigonis (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)
References
Change history : Initial version is published on 02-07-2025