Denial of Service Vulnerability in Open5GS by Open5GS
CVE-2025-63288

7.5HIGH

Key Information:

Vendor: Open5GS
Status: Open5GS
Vendor: CVE Published:; 10 November 2025

What is CVE-2025-63288?

In version 2.7.6 of Open5GS, a vulnerability exists that causes the Access and Mobility Management Function (AMF) to crash upon receiving an abnormal NGSetupRequest message. This failure results in a denial of service, potentially disrupting the functionality of network operations reliant on the AMF. Users and organizations utilizing this version must be cautious of how their systems handle unexpected message formats to mitigate the risk associated with this vulnerability.

References

https://github.com/open5gs/open5gs/issues/4087

https://github.com/open5gs/open5gs/commit/be765fe2b03e350...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2025
Vulnerability Reserved
Oct 27, 2025

JSON