Access and Mobility Management Function Denial of Service Vulnerability in Open5GS
CVE-2025-52288

7.5HIGH

Key Information:

Vendor: Open5GS
Status: Open5GS
Vendor: CVE Published:; 8 September 2025

What is CVE-2025-52288?

The Access and Mobility Management Function (AMF) in Open5GS versions up to 2.7.5 is vulnerable due to an assertion failure in the ngap_build_downlink_nas_transport function. This vulnerability allows attackers to initiate a denial of service (DoS) by sending repeated connect and disconnect messages from User Equipment (UE), potentially disrupting service for legitimate users. Admins should apply relevant patches and monitor for unusual behavior to protect their networks.

References

https://github.com/open5gs/open5gs/issues/3862

https://github.com/open5gs/open5gs/issues/3862#issuecomme...

https://github.com/open5gs/open5gs/issues/3862#issue-3006...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2025
Vulnerability Reserved
Jun 16, 2025

JSON