CVE-2025-7485 (GCVE-0-2025-7485)
Vulnerability from cvelistv5 – Published: 2025-07-12 18:32 – Updated: 2025-07-14 16:15
VLAI?
Summary
A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue.
Severity ?
CWE
- CWE-617 - Reachable Assertion
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
Credits
SQ0409 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7485",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-14T16:15:17.161464Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-14T16:15:20.711Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/open5gs/open5gs/issues/3878/"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"SCTP Partial Message Handler"
],
"product": "Open5GS",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "2.7.0"
},
{
"status": "affected",
"version": "2.7.1"
},
{
"status": "affected",
"version": "2.7.2"
},
{
"status": "affected",
"version": "2.7.3"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SQ0409 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue."
},
{
"lang": "de",
"value": "In Open5GS bis 2.7.3 wurde eine problematische Schwachstelle entdeckt. Es geht um die Funktion ngap_recv_handler/s1ap_recv_handler/recv_handler der Komponente SCTP Partial Message Handler. Mittels Manipulieren mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Patch wird als cfa44575020f3fb045fd971358442053c8684d3d bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 1.7,
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-617",
"description": "Reachable Assertion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-12T18:32:07.219Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-316135 | Open5GS SCTP Partial Message recv_handler assertion",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.316135"
},
{
"name": "VDB-316135 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.316135"
},
{
"name": "Submit #610601 | Open5GS \u003c=2.7.3 Reachable Assertion",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.610601"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/open5gs/open5gs/issues/3878/"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136"
},
{
"tags": [
"patch"
],
"url": "https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-11T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-11T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-11T14:58:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "Open5GS SCTP Partial Message recv_handler assertion"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7485",
"datePublished": "2025-07-12T18:32:07.219Z",
"dateReserved": "2025-07-11T12:53:19.541Z",
"dateUpdated": "2025-07-14T16:15:20.711Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-7485\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2025-07-12T19:15:25.993\",\"lastModified\":\"2025-08-25T16:49:02.040\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en Open5GS hasta la versi\u00f3n 2.7.3. Esta vulnerabilidad afecta la funci\u00f3n ngap_recv_handler/s1ap_recv_handler/recv_handler del componente SCTP Partial Message Handler. La manipulaci\u00f3n genera una aserci\u00f3n accesible. El ataque debe abordarse localmente. El parche se llama cfa44575020f3fb045fd971358442053c8684d3d. Se recomienda aplicar un parche para solucionar este problema.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":4.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":1.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.1,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-617\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.6\",\"matchCriteriaId\":\"F4733D6E-5B99-4217-96BA-533B220A1FDA\"}]}]}],\"references\":[{\"url\":\"https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/open5gs/open5gs/issues/3878/\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?ctiid.316135\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Permissions Required\",\"VDB Entry\",\"Third Party Advisory\"]},{\"url\":\"https://vuldb.com/?id.316135\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://vuldb.com/?submit.610601\",\"source\":\"cna@vuldb.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/open5gs/open5gs/issues/3878/\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-7485\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-14T16:15:17.161464Z\"}}}], \"references\": [{\"url\": \"https://github.com/open5gs/open5gs/issues/3878/\", \"tags\": [\"exploit\"]}, {\"url\": \"https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-14T16:15:11.557Z\"}}], \"cna\": {\"title\": \"Open5GS SCTP Partial Message recv_handler assertion\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"SQ0409 (VulDB User)\"}], \"metrics\": [{\"cvssV4_0\": {\"version\": \"4.0\", \"baseScore\": 4.8, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X\"}}, {\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 3.3, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 1.7, \"vectorString\": \"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C\"}}], \"affected\": [{\"vendor\": \"n/a\", \"modules\": [\"SCTP Partial Message Handler\"], \"product\": \"Open5GS\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.7.0\"}, {\"status\": \"affected\", \"version\": \"2.7.1\"}, {\"status\": \"affected\", \"version\": \"2.7.2\"}, {\"status\": \"affected\", \"version\": \"2.7.3\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2025-07-11T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2025-07-11T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2025-07-11T14:58:33.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.316135\", \"name\": \"VDB-316135 | Open5GS SCTP Partial Message recv_handler assertion\", \"tags\": [\"vdb-entry\", \"technical-description\"]}, {\"url\": \"https://vuldb.com/?ctiid.316135\", \"name\": \"VDB-316135 | CTI Indicators (IOB, IOC, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.610601\", \"name\": \"Submit #610601 | Open5GS \u003c=2.7.3 Reachable Assertion\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/open5gs/open5gs/issues/3878/\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d\", \"tags\": [\"patch\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue.\"}, {\"lang\": \"de\", \"value\": \"In Open5GS bis 2.7.3 wurde eine problematische Schwachstelle entdeckt. Es geht um die Funktion ngap_recv_handler/s1ap_recv_handler/recv_handler der Komponente SCTP Partial Message Handler. Mittels Manipulieren mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Patch wird als cfa44575020f3fb045fd971358442053c8684d3d bezeichnet. Als bestm\\u00f6gliche Massnahme wird Patching empfohlen.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-617\", \"description\": \"Reachable Assertion\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2025-07-12T18:32:07.219Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-7485\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-14T16:15:20.711Z\", \"dateReserved\": \"2025-07-11T12:53:19.541Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2025-07-12T18:32:07.219Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…