CVE-2025-24332

Name of the Vulnerable Software and Affected Versions: Nokia Single RAN AirScale baseband versions prior to 23R4-SR 3.0 MP

Description: The issue allows an authenticated administrative user to access all physical boards after a single login to the baseband system board, without re-authentication when connecting to baseband capacity boards using the internal bsoc SSH service. This service is available internally within the baseband and through the internal backplane between the boards, using an SSH private key present on the baseband system board. The bsoc SSH capability was previously considered an administrative functionality but has been restricted to be available only to baseband root-privileged administrators to mitigate the possibility of misuse with lower-level privileges.

Recommendations: For versions prior to 23R4-SR 3.0 MP, update to release 23R4-SR 3.0 MP or later to restrict the bsoc SSH capability to baseband root-privileged administrators and mitigate the issue.