CVE-2025-24333 – Nokia Single RAN Baseband Administrative Shell Command Injection Vulnerability

July 2, 2025

CVE ID : CVE-2025-24333

Published : July 2, 2025, 9:15 a.m. | 27 minutes ago

Description : Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added to baseband internal COMA_config.xml file.

This issue has been corrected starting from release 24R1-SR 1.0 MP and later, by adding proper input validation to OAM service process which prevents injecting special characters via baseband internal COMA_config.xml file.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-24334 – Nokia Single RAN Baseband Software Information Disclosure Vulnerability

Next Article CVE-2025-24332 – Nokia Single RAN AirScale Baseband SSH Privilege Escalation

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-24333 – Nokia Single RAN Baseband Administrative Shell Command Injection Vulnerability

Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out

Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours

Building interactive agents in video game worlds

CVE-2025-4744 – Apache Employee Record System Cross-Site Scripting Vulnerability

CVE-2025-5099 – Adobe PDF Out of Bounds Write Vulnerability

CVE-2025-4895 – SourceCodester Doctors Appointment System SQL Injection Vulnerability

CVE-2025-24351 – CtrlX OS Remote Command Execution Vulnerability

Rilasciata l’App PeerTube Mobile versione 1

CVE-2025-48920 – Drupal etracker Cross-Site Scripting (XSS)

Google Researchers Advance Diagnostic AI: AMIE Now Matches or Outperforms Primary Care Physicians Using Multimodal Reasoning with Gemini 2.0 Flash

CVE-2025-24333 – Nokia Single RAN Baseband Administrative Shell Command Injection Vulnerability

Related Posts