{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24335", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "state": "PUBLISHED", "assignerShortName": "Nokia", "dateReserved": "2025-01-20T05:33:25.524Z", "datePublished": "2025-07-02T08:35:46.346Z", "dateUpdated": "2025-07-02T13:26:40.283Z"}, "containers": {"cna": {"title": "SOAP message input validation fault could in theory cause OAM service resource exhaustion", "descriptions": [{"lang": "en", "value": "Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service.\n\nNo practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue."}], "affected": [{"vendor": "Nokia", "product": "Nokia Single RAN", "versions": [{"version": "All the releases prior to 24R1-SR 2.1 MP", "status": "affected"}, {"version": "24R1-SR 2.1 MP and later", "status": "unaffected"}]}], "references": [{"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24335/", "name": "Nokia Security Advisory"}], "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2025-07-02T08:35:46.346Z"}, "x_generator": {"engine": "cveClient/1.0.15"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-1287", "lang": "en", "description": "CWE-1287 Improper Validation of Specified Type of Input"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-07-02T13:26:34.467642Z", "id": "CVE-2025-24335", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-02T13:26:40.283Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-24335", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-02T13:26:34.467642Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-1287", "description": "CWE-1287 Improper Validation of Specified Type of Input"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-02T13:17:39.339Z"}}], "cna": {"title": "SOAP message input validation fault could in theory cause OAM service resource exhaustion", "affected": [{"vendor": "Nokia", "product": "Nokia Single RAN", "versions": [{"status": "affected", "version": "All the releases prior to 24R1-SR 2.1 MP"}, {"status": "unaffected", "version": "24R1-SR 2.1 MP and later"}]}], "references": [{"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24335/", "name": "Nokia Security Advisory"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service.\n\nNo practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue."}], "providerMetadata": {"orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "shortName": "Nokia", "dateUpdated": "2025-07-02T08:35:46.346Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24335", "state": "PUBLISHED", "dateUpdated": "2025-07-02T13:26:40.283Z", "dateReserved": "2025-01-20T05:33:25.524Z", "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0", "datePublished": "2025-07-02T08:35:46.346Z", "assignerShortName": "Nokia"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Nokia Single RAN baseband software versions earlier than 24R1-SR 2.1 MP contain a SOAP message input validation flaw, which in theory could potentially be used for causing resource exhaustion in the Single RAN baseband OAM service.\n\nNo practical exploit has been detected for this flaw. However, the issue has been corrected starting from release 24R1-SR 2.1 MP by adding sufficient input validation for received SOAP requests, effectively mitigating the reported issue."}, {"lang": "es", "value": "Las versiones del software de banda base de Nokia Single RAN anteriores a la 24R1-SR 2.1 MP contienen una falla de validaci\u00f3n de entrada de mensajes SOAP que, en teor\u00eda, podr\u00eda utilizarse para causar el agotamiento de recursos en el servicio OAM de banda base de RAN \u00fanica. No se ha detectado ninguna vulnerabilidad pr\u00e1ctica para esta falla. Sin embargo, el problema se ha corregido a partir de la versi\u00f3n 24R1-SR 2.1 MP a\u00f1adiendo una validaci\u00f3n de entrada suficiente para las solicitudes SOAP recibidas, mitigando eficazmente el problema reportado."}], "id": "CVE-2025-24335", "lastModified": "2025-07-03T15:13:53.147", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.5, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-07-02T09:15:25.010", "references": [{"source": "b48c3b8f-639e-4c16-8725-497bc411dad0", "url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24335/"}], "sourceIdentifier": "b48c3b8f-639e-4c16-8725-497bc411dad0", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1287"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}