O2 UK · O2 UK · CVE-2025-48219
Name of the Vulnerable Software and Affected Versions:
O2 UK through 2025-05-17
Description:
The issue allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the `utran-cell-id-3gpp` field of a "Cellular-Network-Info" SIP header, which might be usable to identify a cell location via crowdsourced data. This could potentially correspond to a small physical area, such as a city centre. The removal of the "Cellular-Network-Info" header is mentioned in section 4.4.19 of ETSI TS 124 229.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
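The description refers to removal of the "Cellular-Network-Info" header. The sketch below is an added example, not code from the advisory or from O2. It shows one way a SIP element could strip that header from a message before forwarding it, including folded and differently cased forms. The function name, the sample message and all values in it are constructed.

```python
# Added example: hypothetical helper, constructed sample data.
SENSITIVE_HEADERS = {b"cellular-network-info"}  # matched case-insensitively


def strip_location_headers(raw, names=SENSITIVE_HEADERS):
    """Return (sanitized_message, removed_values) for one raw SIP message.

    Only the header section is edited; the body is passed through
    byte-for-byte, so Content-Length remains valid.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    kept, removed = [lines[0]], []  # lines[0] is the request/status line
    dropping = False
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            # Folded continuation: it shares the fate of the header above it.
            if dropping:
                removed[-1] += b" " + line.strip()
            else:
                kept.append(line)
            continue
        name, colon, value = line.partition(b":")
        dropping = bool(colon) and name.strip().lower() in names
        if dropping:
            removed.append(value.strip())
        else:
            kept.append(line)
    return b"\r\n".join(kept) + sep + body, removed


# Constructed sample response; hosts, tags and the cell ID are placeholders.
SAMPLE = (
    b"SIP/2.0 183 Session Progress\r\n"
    b"Via: SIP/2.0/TCP proxy.example.invalid;branch=z9hG4bKconstructed\r\n"
    b"From: <sip:alice@example.invalid>;tag=1\r\n"
    b"To: <sip:bob@example.invalid>;tag=2\r\n"
    b"Call-ID: constructed-call-id\r\n"
    b"CSeq: 1 INVITE\r\n"
    b"cellular-network-info: 3GPP-E-UTRAN-FDD;\r\n"
    b"\tutran-cell-id-3gpp=PLACEHOLDER\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"v=0\r\n"
)

if __name__ == "__main__":
    clean, removed = strip_location_headers(SAMPLE)
    print(clean.decode())
    print("removed:", removed)
```

The returned `removed` list can be logged to confirm where the header was still being emitted before the filter was applied.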