PT-2025-27607 · Nokia · Nokia Single Ran Baseband

Guillaume Teissier +3 · Published 2025-07-02 · Updated 2025-07-02 · CVE-2025-24329

CVSS v2.0: 6.5 (Medium)

Vector: AV:A/AC:H/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: Nokia Single RAN baseband software versions prior to 24R1-SR 1.0 MP
Description: The issue arises when a crafted SOAP "provision" operation message archive field is sent within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network, causing a path traversal issue. This has been mitigated in release 24R1-SR 1.0 MP and later by utilizing libarchive APIs with security options enabled.
Recommendations: For versions prior to 24R1-SR 1.0 MP, update to release 24R1-SR 1.0 MP or later to resolve the issue. As a temporary workaround, consider restricting access to the SOAP "provision" operation message archive field within the MNO internal RAN management network until a patch is available.
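
The description attributes the fix to libarchive APIs with security options enabled but does not say which options. As an added illustration (not Nokia's or libarchive's code), the sketch below applies the kind of lexical member-name checks that libarchive's `ARCHIVE_EXTRACT_SECURE_NODOTDOT` and `ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS` extraction flags exist to enforce. The function `safe_join`, the root `/var/provision` and the member names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration: lexical checks on an archive member name before it is
 * joined to the extraction root. Returns 0 and writes root/member to out, or
 * -1 if the name is rejected (out is then unspecified). Symlink checks need
 * filesystem access and are not covered here. */
int safe_join(const char *root, const char *member, char *out, size_t outlen)
{
    size_t used, rootlen;
    const char *p = member;

    if (member[0] == '\0' || member[0] == '/')   /* empty or absolute path */
        return -1;
    used = (size_t)snprintf(out, outlen, "%s", root);
    if (used >= outlen)                          /* root alone does not fit */
        return -1;
    rootlen = used;

    while (*p) {
        size_t len = strcspn(p, "/");            /* length of this component */
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return -1;                           /* ".." climbs out of root */
        if (len > 0 && !(len == 1 && p[0] == '.')) {  /* skip "" and "." */
            if (used + 1 + len >= outlen)
                return -1;                       /* would truncate: refuse */
            out[used++] = '/';
            memcpy(out + used, p, len);
            used += len;
            out[used] = '\0';
        }
        p += len;
        while (*p == '/')                        /* collapse repeated slashes */
            p++;
    }
    return used == rootlen ? -1 : 0;             /* name was only "." parts */
}

int main(void)
{
    /* Constructed member names, not taken from the advisory. */
    const char *names[] = { "cfg/site.xml", "./a//b", "../etc/passwd",
                            "cfg/../../x", "/etc/shadow", "..hidden/ok", "." };
    char buf[128];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int rc = safe_join("/var/provision", names[i], buf, sizeof buf);
        printf("%-16s -> %s\n", names[i], rc == 0 ? buf : "REJECTED");
    }
    return 0;
}
```

A name such as `..hidden/ok` is accepted because only a component that is exactly `..` escapes the root; a check that rejects any name containing the substring `..` would refuse legitimate files.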

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2025-07972
CVE-2025-24329

Affected Products

Nokia Single Ran Baseband