Denial of Service Vulnerability in Open5GS by Open5GS
CVE-2025-25774

6.5MEDIUM

Key Information:

Vendor: Open5GS
Status: Open5GS
Vendor: CVE Published:; 12 March 2025

What is CVE-2025-25774?

A vulnerability has been identified in Open5GS v2.7.2 where a User Equipment (UE) performs a handover request at an inopportune moment during a transition between gNodeBs (gNBs). This specific timing can trigger an exception in the Access and Mobility Management Function (AMF) internal state machine, leading to an unexpected crash of the AMF. As a result, this may result in a Denial of Service, hindering the ability for legitimate users to access network services. Users and organizations using this software should assess their exposure and implement necessary mitigations.

References

https://github.com/open5gs/open5gs/issues/3671

https://github.com/open5gs/open5gs/commit/2e68706f1eea029...

https://github.com/guoweifk/BugReport/blob/main/Open5GS%2...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 12, 2025
Vulnerability Reserved
Feb 7, 2025