Denial of Service Vulnerability in Open5GS Session Management Function
CVE-2025-56568

7.5HIGH

Key Information:

Vendor: Open5GS
Status: Session Management Function (SMF)
Vendor: CVE Published:; 30 April 2026

What is CVE-2025-56568?

The Session Management Function (SMF) of Open5GS versions prior to 2.7.5 contains an assertion failure vulnerability in the Protocol Configuration Options (PCO) parser. This flaw allows a remote attacker to craft NGAP messages with malformed length fields, potentially leading to a denial of service condition. Exploiting this vulnerability can disrupt the normal functioning of the service, impacting the availability of network resources.

References

https://github.com/open5gs/open5gs/issues/3969

https://github.com/open5gs/open5gs/commit/d7707879c943d2c...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Aug 17, 2025

CVE-2025-56568 Data

JSON