PT-2025-21849 · O2 Uk · O2 Uk

Daniel Williams · Published 2025-05-18 · Updated 2025-05-19 · CVE-2025-48219

CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: O2 UK through 2025-05-17
Description: The issue allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a "Cellular-Network-Info" SIP header, which might be usable to identify a cell location via crowdsourced data. This could potentially correspond to a small physical area, such as a city centre. The removal of the "Cellular-Network-Info" header is mentioned in section 4.4.19 of ETSI TS 124 229.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
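
The header removal referred to in the description, as an added example (not code from the advisory or from O2 UK): a filter that drops `Cellular-Network-Info` from a raw SIP message before it is forwarded and reports any `utran-cell-id-3gpp` value it carried. The function name, the sample message and its cell ID are constructed for this example.

```python
import re

# Header named in the advisory; SIP header names are case-insensitive.
HEADER = "cellular-network-info"
# Parameter named in the advisory; the value may be a token or a quoted string.
CELL_ID_RE = re.compile(r'utran-cell-id-3gpp\s*=\s*"?([0-9A-Fa-f]+)"?', re.I)

# Constructed sample: header name in lower case and folded over two lines,
# the two variants a naive exact-match filter would miss.
SAMPLE = (
    b"SIP/2.0 183 Session Progress\r\n"
    b"Via: SIP/2.0/TCP 192.0.2.10:5060;branch=z9hG4bKexample\r\n"
    b"From: <sip:alice@example.invalid>;tag=1\r\n"
    b"To: <sip:bob@example.invalid>;tag=2\r\n"
    b"Call-ID: constructed-call-id@example.invalid\r\n"
    b"CSeq: 1 INVITE\r\n"
    b"cellular-network-info: 3GPP-E-UTRAN-FDD;\r\n"
    b" utran-cell-id-3gpp=0010100010000001\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)


def strip_cellular_network_info(raw: bytes):
    """Return (sanitised_message, leaked_cell_ids) for one raw SIP message.

    Only the header section is edited; the body is passed through unchanged,
    so Content-Length stays valid. latin-1 round-trips every byte exactly.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    kept, leaked, dropping = [], [], False
    for line in head.decode("latin-1").split("\r\n"):
        if line[:1] in (" ", "\t"):
            # Folded continuation line: shares the fate of the header above it.
            if dropping:
                leaked += CELL_ID_RE.findall(line)
            else:
                kept.append(line)
            continue
        name = line.split(":", 1)[0].strip().lower()
        dropping = ":" in line and name == HEADER
        if dropping:
            leaked += CELL_ID_RE.findall(line)
        else:
            kept.append(line)
    return "\r\n".join(kept).encode("latin-1") + sep + body, leaked
```

A non-empty `leaked` list is also a usable detection signal: it means the header reached the point where the filter runs.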

Related Identifiers: CVE-2025-48219
Affected Products: O2 Uk