CVE-2025-24331 (GCVE-0-2025-24331)

Vulnerability from cvelistv5 – Published: 2025-07-02 08:30 – Updated: 2025-07-02 14:36
VLAI?
Summary
The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later. Beginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary.
Severity ?
6.4 (Medium)
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-250 - Execution with Unnecessary Privileges
Assigner
References
Impacted products
Vendor Product Version
Nokia Nokia Single RAN Affected: All the releases prior to 24R1-SR 0.2 MP
Unaffected: 24R1-SR 0.2 MP and later
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.4,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "HIGH",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-24331",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-02T14:36:27.881891Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-250",
                "description": "CWE-250 Execution with Unnecessary Privileges",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-02T14:36:32.449Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Nokia Single RAN",
          "vendor": "Nokia",
          "versions": [
            {
              "status": "affected",
              "version": "All the releases prior to 24R1-SR 0.2 MP"
            },
            {
              "status": "unaffected",
              "version": "24R1-SR 0.2 MP and later"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later.\n\nBeginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-02T08:30:19.565Z",
        "orgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
        "shortName": "Nokia"
      },
      "references": [
        {
          "name": "Nokia Security Advisory",
          "url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24331/"
        }
      ],
      "title": "Nokia Single RAN baseband OAM service extensive capabilities",
      "x_generator": {
        "engine": "cveClient/1.0.15"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b48c3b8f-639e-4c16-8725-497bc411dad0",
    "assignerShortName": "Nokia",
    "cveId": "CVE-2025-24331",
    "datePublished": "2025-07-02T08:30:19.565Z",
    "dateReserved": "2025-01-20T05:33:25.523Z",
    "dateUpdated": "2025-07-02T14:36:32.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-24331\",\"sourceIdentifier\":\"b48c3b8f-639e-4c16-8725-497bc411dad0\",\"published\":\"2025-07-02T09:15:24.597\",\"lastModified\":\"2025-07-03T15:13:53.147\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later.\\n\\nBeginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary.\"},{\"lang\":\"es\",\"value\":\"El servicio OAM de banda base Single RAN est\u00e1 dise\u00f1ado para ejecutarse sin privilegios. Sin embargo, inicialmente comienza con privilegios de root y asigna ciertas capacidades antes de descender a un nivel sin privilegios. Las capacidades conservadas del per\u00edodo de root se consideran extensas tras la eliminaci\u00f3n de privilegios y, en teor\u00eda, podr\u00edan permitir acciones que excedan el alcance previsto del servicio OAM. Estas acciones podr\u00edan incluir obtener privilegios de root, acceder a archivos propiedad de root, modificarlos como propietario del archivo y, posteriormente, devolverlos a la propiedad de root. Este problema se ha corregido a partir de la versi\u00f3n 24R1-SR 0.2 MP y posteriores. A partir de la versi\u00f3n 24R1-SR 0.2 MP, las capacidades del software del servicio OAM se limitan al m\u00ednimo necesario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.5,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-250\"}]}],\"references\":[{\"url\":\"https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24331/\",\"source\":\"b48c3b8f-639e-4c16-8725-497bc411dad0\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.4, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-24331\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-02T14:36:27.881891Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-250\", \"description\": \"CWE-250 Execution with Unnecessary Privileges\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-02T14:35:00.460Z\"}}], \"cna\": {\"title\": \"Nokia Single RAN baseband OAM service extensive capabilities\", \"affected\": [{\"vendor\": \"Nokia\", \"product\": \"Nokia Single RAN\", \"versions\": [{\"status\": \"affected\", \"version\": \"All the releases prior to 24R1-SR 0.2 MP\"}, {\"status\": \"unaffected\", \"version\": \"24R1-SR 0.2 MP and later\"}]}], \"references\": [{\"url\": \"https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24331/\", \"name\": \"Nokia Security Advisory\"}], \"x_generator\": {\"engine\": \"cveClient/1.0.15\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later.\\n\\nBeginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary.\"}], \"providerMetadata\": {\"orgId\": \"b48c3b8f-639e-4c16-8725-497bc411dad0\", \"shortName\": \"Nokia\", \"dateUpdated\": \"2025-07-02T08:30:19.565Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-24331\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-02T14:36:32.449Z\", \"dateReserved\": \"2025-01-20T05:33:25.523Z\", \"assignerOrgId\": \"b48c3b8f-639e-4c16-8725-497bc411dad0\", \"datePublished\": \"2025-07-02T08:30:19.565Z\", \"assignerShortName\": \"Nokia\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.