{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24331", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "state": "PUBLISHED", "assignerShortName": "Nokia", "dateReserved": "2025-01-20T05:33:25.523Z", "datePublished": "2025-07-02T08:30:19.565Z", "dateUpdated": "2025-07-02T14:36:32.449Z"}, "containers": {"cna": {"title": "Nokia Single RAN baseband OAM service extensive capabilities", "descriptions": [{"lang": "en", "value": "The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later.\n\nBeginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary."}], "affected": [{"vendor": "Nokia", "product": "Nokia Single RAN", "versions": [{"version": "All the releases prior to 24R1-SR 0.2 MP", "status": "affected"}, {"version": "24R1-SR 0.2 MP and later", "status": "unaffected"}]}], "references": [{"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24331/", "name": "Nokia Security Advisory"}], "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2025-07-02T08:30:19.565Z"}, "x_generator": {"engine": "cveClient/1.0.15"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-250", "lang": "en", "description": "CWE-250 Execution with Unnecessary Privileges"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-02T14:36:27.881891Z", "id": "CVE-2025-24331", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-02T14:36:32.449Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-24331", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-02T14:36:27.881891Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-250", "description": "CWE-250 Execution with Unnecessary Privileges"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-02T14:35:00.460Z"}}], "cna": {"title": "Nokia Single RAN baseband OAM service extensive capabilities", "affected": [{"vendor": "Nokia", "product": "Nokia Single RAN", "versions": [{"status": "affected", "version": "All the releases prior to 24R1-SR 0.2 MP"}, {"status": "unaffected", "version": "24R1-SR 0.2 MP and later"}]}], "references": [{"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24331/", "name": "Nokia Security Advisory"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later.\n\nBeginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary."}], "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2025-07-02T08:30:19.565Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24331", "state": "PUBLISHED", "dateUpdated": "2025-07-02T14:36:32.449Z", "dateReserved": "2025-01-20T05:33:25.523Z", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "datePublished": "2025-07-02T08:30:19.565Z", "assignerShortName": "Nokia"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later.\n\nBeginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary."}, {"lang": "es", "value": "El servicio OAM de banda base Single RAN est\u00e1 dise\u00f1ado para ejecutarse sin privilegios. Sin embargo, inicialmente comienza con privilegios de root y asigna ciertas capacidades antes de descender a un nivel sin privilegios. Las capacidades conservadas del per\u00edodo de root se consideran extensas tras la eliminaci\u00f3n de privilegios y, en teor\u00eda, podr\u00edan permitir acciones que excedan el alcance previsto del servicio OAM. Estas acciones podr\u00edan incluir obtener privilegios de root, acceder a archivos propiedad de root, modificarlos como propietario del archivo y, posteriormente, devolverlos a la propiedad de root. Este problema se ha corregido a partir de la versi\u00f3n 24R1-SR 0.2 MP y posteriores. A partir de la versi\u00f3n 24R1-SR 0.2 MP, las capacidades del software del servicio OAM se limitan al m\u00ednimo necesario."}], "id": "CVE-2025-24331", "lastModified": "2025-07-03T15:13:53.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-02T09:15:24.597", "references": [{"source": "b48c3b8f-639e-4c16-8725-497bc411dad0", "url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24331/"}], "sourceIdentifier": "b48c3b8f-639e-4c16-8725-497bc411dad0", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-250"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}