CVE-2025-24331

Name of the Vulnerable Software and Affected Versions: Single RAN baseband OAM service versions prior to 24R1-SR 0.2 MP

Description: The Single RAN baseband OAM service is intended to run as an unprivileged service but initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive and could potentially allow actions beyond the intended scope of the OAM service, including gaining root privileges, accessing root-owned files, modifying them, and then returning them to root ownership.

Recommendations: For versions prior to 24R1-SR 0.2 MP, update to release 24R1-SR 0.2 MP or later to restrict the OAM service software capabilities to the minimum necessary.