- Description
- Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause path traversal issue in Nokia Single RAN baseband software with versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later. Beginning with release 24R1-SR 1.0 MP, the OAM service software utilizes libarchive APIs with security options enabled, effectively mitigating the reported path traversal issue.
- Source
- b48c3b8f-639e-4c16-8725-497bc411dad0
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.4
- Impact score
- 5.9
- Exploitability score
- 0.5
- Vector string
- CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-22
- Hype score
- Not currently trending
CVE-2025-24329 Path Traversal in Nokia Single RAN Baseband Software Before 24R1-SR 1.0 MP https://t.co/khqqMBzP5S
@VulmonFeeds
2 Jul 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-24329 Sending a crafted SOAP "provision" operation message archive field within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can… https://t.co/mLday6rPef
@CVEnew
2 Jul 2025
371 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes