Security Advisories

P1 Security’s Research Team is committed to advancing mobile network security through responsible disclosure of vulnerabilities discovered during audits, protocol research, or customer engagements. This page contains published CVEs and advisories from our team.

VKB ID

Synopsis

Publish Date

CVE Number

Credit

CVSS Score

2357

SOAP message input validation fault could in theory cause OAM service resource exhaustion (Denial of Service)

02-07-2025

CVE-2025-24335

- Guillaume Teissier (P1 Security France)
- Laurent Ghigonis (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)

2.0

2360

The Nokia Single RAN baseband reveals its software version through the MNO internal RAN management network (Information Disclosure)

02-07-2025

CVE-2025-24334

- Guillaume Teissier (P1 Security France)
- Laurent Ghigonis (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)

4.3

2361

Administrative user shell input validation fault (Shell Injection)

02-07-2025

CVE-2025-24333

- Guillaume Teissier (P1 Security France)
- Laurent Ghigonis (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)

6.4

2366

Authenticated admin user can connect baseband internally from one board to another without needing to re-authentication (Lack of admin user re-authentication when authenticated admin connects baseband internally between the physical boards)

02-07-2025

CVE-2025-24332

- Guillaume Teissier (P1 Security France)
- Laurent Ghigonis (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)

7.1

2358

Nokia Single RAN baseband OAM service extensive capabilities (Elevated capabilities)

02-07-2025

CVE-2025-24331

- Guillaume Teissier (P1 Security France)
- Laurent Ghigonis (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)

6.4

2365

OAM service path traversal issue caused by a crafted SOAP message PlanId field within the RAN management network (Path Traversal)

02-07-2025

CVE-2025-24330

- Guillaume Teissier (P1 Security France)
- Laurent Ghigonis (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)

6.4

2364

OAM service path traversal issue caused by a crafted SOAP message archive field within the RAN management network (Path Traversal)

02-07-2025

CVE-2025-24329

- Guillaume Teissier (P1 Security France)
- Laurent Ghigonis (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)

6.4

2359

OAM service stack overflow caused by crafted SOAP message within the MNO internal RAN management network (Buffer Overflow)

02-07-2025

CVE-2025-24328

- Guillaume Teissier (P1 Security France)
- Laurent Ghigonis (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)

4.2

2300

Ericsson Packet Core Controller (PCC) contains a vulnerability in Access and Mobility Management Function (AMF) where improper input validation can lead to denial of service which may result in service degradation (Access and Mobility Management Function AMF)

20-08-2024

CVE-2024-25009

- Benoit Michau (P1 Security France)
- Radu Balaci (Bell Mobility Canada)
- Meghna Patel (Bell Mobility Canada)

6.5

The vulnerabilities listed here have been responsibly disclosed to the affected vendors. P1 Security follows a strict responsible disclosure policy to protect the mobile ecosystem and its users.

As stated in our Vulnerability Disclosure Policy, details are published only after vendors have been given sufficient time to address the issues.