Local Host Vulnerability in Open5GS AMF Service Affecting Version 2.7.5
CVE-2025-6952

4.8 MEDIUM

Key Information:

Vendor

Open5GS

Status
Vendor
CVE Published: 1 July 2025

What is CVE-2025-6952?

A vulnerability in the Open5GS AMF service, specifically within the function amf_state_operational, allows an attacker on the local host to trigger a reachable assertion in the code. The issue is triggered by crafting specific inputs and leads to unexpected behavior of the service. It is critical that users operating versions up to 2.7.5 apply the recommended patch to mitigate the risks associated with this vulnerability. The patch identifier is 53e9e059ed96b940f7ddcd9a2b68cb512524d5db.

Affected Version(s)

Open5GS 2.7.0

Open5GS 2.7.1

Open5GS 2.7.2

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SQ0409 (VulDB User)