Denial of Service Vulnerability in Open5GS AMF Component
CVE-2025-8800

6.9MEDIUM

Key Information:

Vendor

Open5GS

Status
Open5gs
Vendor
CVE Published:
10 August 2025

What is CVE-2025-8800?

A vulnerability exists in the AMF Component of Open5GS versions up to 2.7.5, specifically in the esm_handle_pdn_connectivity_request function located in src/mme/esm-handler.c. This flaw allows an attacker to initiate a denial of service attack remotely, potentially disrupting the service and degrading performance. To mitigate this issue, users are strongly advised to upgrade to version 2.7.6, where the vulnerability has been addressed with a specific patch identified by commit 701505102f514cbde2856cd2ebc9bedb7efc820d.

Affected Version(s)

Open5GS 2.7.0

Open5GS 2.7.1

Open5GS 2.7.2

References

https://vuldb.com/?id.319328
vdb-entrytechnical-description
https://vuldb.com/?ctiid.319328
signaturepermissions-required
https://vuldb.com/?submit.626113
third-party-advisory

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZYC010101 (VulDB User)
JSON
.