NULL Pointer Dereference Vulnerability in Open5GS by Open5GS
CVE-2025-55904
4 MEDIUM
What is CVE-2025-55904?
Open5GS versions prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615 are susceptible to a NULL pointer dereference. The issue is triggered when an affected component receives a multipart/related HTTP POST request with an empty HTTP body. The flaw is in the parse_multipart function in lib/sbi/message.c and can lead to denial of service across critical system functions such as AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, and UDR.
CVSS V3.1
Score: 4
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
