PT-2025-27606 · Nokia · Nokia Single Ran Baseband Oam Service

Guillaume Teissier +3 · Published 2025-07-02 · Updated 2025-07-02 · CVE-2025-24328

CVSS v2.0: 4.3 (Medium)
Vector: AV:A/AC:H/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Nokia Single RAN baseband OAM service component versions prior to 24R1-SR 1.0 MP
Description: The issue occurs when a crafted SOAP "set" operation message is sent within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network, causing the Nokia Single RAN baseband OAM service component to restart. The OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service.
Recommendations: For versions prior to 24R1-SR 1.0 MP, update to release 24R1-SR 1.0 MP or later to resolve the issue. As a temporary workaround, consider restricting access to the SOAP "set" operation message within the MNO internal RAN management network to minimize the risk of exploitation.

Fix

Stack Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-07971
CVE-2025-24328

Affected Products

Nokia Single Ran Baseband Oam Service