CVE-2025-48219 in O2 UKinformazioni

Riassunto

di MITRE • 18/05/2025

O2 UK through 2025-05-17 allows subscribers to determine the Cell ID of other subscribers by initiating an IMS (IP Multimedia Subsystem) call and then reading the utran-cell-id-3gpp field of a Cellular-Network-Info SIP header, aka an ECI (E-UTRAN Cell Identity) leak. The Cell ID might be usable to identify a cell location via crowdsourced data, and might correspond to a small physical area (e.g., if the called party is in a city centre). Removal of the Cellular-Network-Info header is mentioned in section 4.4.19 of ETSI TS 124 229.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Responsabile

MITRE

Prenotare

18/05/2025

Divulgazione

18/05/2025

Moderazione

accettato

CPE

pronto

EPSS

0.00267

KEV

no

Attività

molto basso

Fonti

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!