{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T09:01:32.125","vulnerabilities":[{"cve":{"id":"CVE-2025-24333","sourceIdentifier":"b48c3b8f-639e-4c16-8725-497bc411dad0","published":"2025-07-02T09:15:24.800","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Nokia Single RAN baseband software earlier than 24R1-SR 1.0 MP contains administrative shell input validation fault, which authenticated admin user can, in theory, potentially use for injecting arbitrary commands for unprivileged baseband OAM service process execution via special characters added to baseband internal COMA_config.xml file.\n\nThis issue has been corrected starting from release 24R1-SR 1.0 MP and later, by adding proper input validation to OAM service process which prevents injecting special characters via baseband internal COMA_config.xml file."},{"lang":"es","value":"El software de banda base de Nokia Single RAN anterior a la versión 24R1-SR 1.0 MP presenta un fallo de validación de entrada en el shell administrativo. Este fallo, en teoría, podría ser utilizado por un usuario administrador autenticado para inyectar comandos arbitrarios y ejecutar procesos de servicio OAM de banda base sin privilegios mediante la adición de caracteres especiales al archivo interno COMA_config.xml de banda base. Este problema se ha corregido a partir de la versión 24R1-SR 1.0 MP, añadiendo una validación de entrada adecuada al proceso de servicio OAM, lo que impide la inyección de caracteres especiales mediante el archivo interno COMA_config.xml de banda base."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":6.4,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":0.5,"impactScore":5.9}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-77"}]}],"references":[{"url":"https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2025-24333/","source":"b48c3b8f-639e-4c16-8725-497bc411dad0"}]}}]}