cnvd - cnvd-2025-18575

CNVD-2025-18575

Vulnerability from cnvd - Published: 2025-08-15

Title

Open5GS拒绝服务漏洞（CNVD-2025-18575）

Description

Open5GS是Open5GS开源的一个5G Core和Epc的C语言开源实现，即Lte/Nr网络的核心网络。 Open5GS存在拒绝服务漏洞，攻击者可利用该漏洞导致common_register_state中的AMF崩溃造成的。

Severity

中

Patch Name

Open5GS拒绝服务漏洞（CNVD-2025-18575）的补丁

Patch Description

Open5GS是Open5GS开源的一个5G Core和Epc的C语言开源实现，即Lte/Nr网络的核心网络。 Open5GS存在拒绝服务漏洞，攻击者可利用该漏洞导致common_register_state中的AMF崩溃造成的。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已提供漏洞修复方案，请关注厂商主页更新： https://github.com/open5gs/open5gs

Reference

https://nvd.nist.gov/vuln/detail/CVE-2025-5935

Impacted products

Name
Open5GS Open5GS <=2.7.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-5935",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-5935"
    }
  },
  "description": "Open5GS\u662fOpen5GS\u5f00\u6e90\u7684\u4e00\u4e2a5G Core\u548cEpc\u7684C\u8bed\u8a00\u5f00\u6e90\u5b9e\u73b0\uff0c\u5373Lte/Nr\u7f51\u7edc\u7684\u6838\u5fc3\u7f51\u7edc\u3002\n\nOpen5GS\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4common_register_state\u4e2d\u7684AMF\u5d29\u6e83\u9020\u6210\u7684\u3002",
  "formalWay": "\u5382\u5546\u5df2\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://github.com/open5gs/open5gs",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-18575",
  "openTime": "2025-08-15",
  "patchDescription": "Open5GS\u662fOpen5GS\u5f00\u6e90\u7684\u4e00\u4e2a5G Core\u548cEpc\u7684C\u8bed\u8a00\u5f00\u6e90\u5b9e\u73b0\uff0c\u5373Lte/Nr\u7f51\u7edc\u7684\u6838\u5fc3\u7f51\u7edc\u3002\r\n\r\nOpen5GS\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4common_register_state\u4e2d\u7684AMF\u5d29\u6e83\u9020\u6210\u7684\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Open5GS\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2025-18575\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Open5GS Open5GS \u003c=2.7.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2025-5935",
  "serverity": "\u4e2d",
  "submitTime": "2025-06-20",
  "title": "Open5GS\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2025-18575\uff09"
}

CVE-2025-5935 (GCVE-0-2025-5935)

Vulnerability from cvelistv5 – Published: 2025-06-10 04:33 – Updated: 2025-06-10 14:42

Summary

A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

5.3 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE

CWE-404 - Denial of Service

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.311713	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.311713	signaturepermissions-required
	https://vuldb.com/?submit.589354	third-party-advisory
	https://github.com/open5gs/open5gs/issues/3874	issue-tracking
	https://github.com/open5gs/open5gs/issues/3874#is…	issue-tracking
	https://github.com/user-attachments/files/1986320…	exploit
	https://github.com/open5gs/open5gs/commit/62cb997…	patch

Impacted products

	Vendor	Product	Version
	n/a	Open5GS	Affected: 2.7.0 Affected: 2.7.1 Affected: 2.7.2 Affected: 2.7.3

Credits

SQ0409 (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5935",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-10T14:41:45.639857Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-10T14:42:05.950Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "AMF/MME"
          ],
          "product": "Open5GS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2.7.0"
            },
            {
              "status": "affected",
              "version": "2.7.1"
            },
            {
              "status": "affected",
              "version": "2.7.2"
            },
            {
              "status": "affected",
              "version": "2.7.3"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "SQ0409 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue."
        },
        {
          "lang": "de",
          "value": "In Open5GS bis 2.7.3 wurde eine problematische Schwachstelle ausgemacht. Dabei geht es um die Funktion common_register_state der Datei src/mme/emm-sm.c der Komponente AMF/MME. Mittels Manipulieren des Arguments ran_ue_id mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 5,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-10T04:33:57.358Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-311713 | Open5GS AMF/MME emm-sm.c common_register_state denial of service",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.311713"
        },
        {
          "name": "VDB-311713 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.311713"
        },
        {
          "name": "Submit #589354 | Open5GS \u003c=2.7.3 Reachable Assertion",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.589354"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/open5gs/open5gs/issues/3874"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/open5gs/open5gs/issues/3874#issuecomment-2853547622"
        },
        {
          "tags": [
            "exploit"
          ],
          "url": "https://github.com/user-attachments/files/19863206/Problematic.handover.required.process.zip"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/open5gs/open5gs/commit/62cb99755243c9c38e4c060c5d8d0e158fe8cdd5"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-06-09T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-06-09T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-06-10T06:38:48.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Open5GS AMF/MME emm-sm.c common_register_state denial of service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-5935",
    "datePublished": "2025-06-10T04:33:57.358Z",
    "dateReserved": "2025-06-09T15:33:47.465Z",
    "dateUpdated": "2025-06-10T14:42:05.950Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-18575

CVE-2025-5935 (GCVE-0-2025-5935)

Tags

Sightings

Nomenclature