FKIE_CVE-2025-8799

Vulnerability from fkie_nvd - Published: 2025-08-10 08:15 - Updated: 2025-08-15 14:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A vulnerability was identified in Open5GS up to 2.7.5. Affected by this vulnerability is the function amf_npcf_am_policy_control_build_create/amf_nsmf_pdusession_build_create_sm_context of the file src/amf/npcf-build.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The patch is named cf63dd63197bf61a4b041aa364ba6a6199ab15e4. It is recommended to upgrade the affected component.
References
cna@vuldb.comhttps://github.com/ZHENGHAOHELLO/BugReport/blob/main/CVE-2025-8799
cna@vuldb.comhttps://github.com/open5gs/open5gs/commit/cf63dd63197bf61a4b041aa364ba6a6199ab15e4Patch
cna@vuldb.comhttps://github.com/open5gs/open5gs/issues/3979Issue Tracking
cna@vuldb.comhttps://github.com/open5gs/open5gs/issues/3979#issuecomment-3054369376Issue Tracking
cna@vuldb.comhttps://github.com/open5gs/open5gs/releases/tag/v2.7.6Release Notes
cna@vuldb.comhttps://github.com/user-attachments/files/21104682/5g_amf_crash_ran.zipExploit
cna@vuldb.comhttps://vuldb.com/?ctiid.319327Permissions Required, VDB Entry
cna@vuldb.comhttps://vuldb.com/?id.319327Third Party Advisory, VDB Entry
cna@vuldb.comhttps://vuldb.com/?submit.626112Third Party Advisory, VDB Entry
134c704f-9b21-4f2e-91b3-4a467353bcc0https://github.com/open5gs/open5gs/issues/3979Issue Tracking
Impacted products
Vendor Product Version
open5gs open5gs *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4733D6E-5B99-4217-96BA-533B220A1FDA",
              "versionEndExcluding": "2.7.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was identified in Open5GS up to 2.7.5. Affected by this vulnerability is the function amf_npcf_am_policy_control_build_create/amf_nsmf_pdusession_build_create_sm_context of the file src/amf/npcf-build.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The patch is named cf63dd63197bf61a4b041aa364ba6a6199ab15e4. It is recommended to upgrade the affected component."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una vulnerabilidad en Open5GS hasta la versi\u00f3n 2.7.5. Se ha declarado problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n amf_npcf_am_policy_control_build_create/amf_nsmf_pdusession_build_create_sm_context del archivo src/amf/npcf-build.c del componente AMF. La manipulaci\u00f3n provoca una denegaci\u00f3n de servicio. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a la versi\u00f3n 2.7.6 puede solucionar este problema. El parche se llama cf63dd63197bf61a4b041aa364ba6a6199ab15e4. Se recomienda actualizar el componente afectado."
    }
  ],
  "id": "CVE-2025-8799",
  "lastModified": "2025-08-15T14:15:29.233",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "cna@vuldb.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "NOT_DEFINED",
          "Recovery": "NOT_DEFINED",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "NETWORK",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "PROOF_OF_CONCEPT",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "NONE",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "NONE",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "LOW",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "NOT_DEFINED"
        },
        "source": "cna@vuldb.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-08-10T08:15:24.660",
  "references": [
    {
      "source": "cna@vuldb.com",
      "url": "https://github.com/ZHENGHAOHELLO/BugReport/blob/main/CVE-2025-8799"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/open5gs/open5gs/commit/cf63dd63197bf61a4b041aa364ba6a6199ab15e4"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/open5gs/open5gs/issues/3979"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/open5gs/open5gs/issues/3979#issuecomment-3054369376"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/open5gs/open5gs/releases/tag/v2.7.6"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://github.com/user-attachments/files/21104682/5g_amf_crash_ran.zip"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?ctiid.319327"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?id.319327"
    },
    {
      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://vuldb.com/?submit.626112"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/open5gs/open5gs/issues/3979"
    }
  ],
  "sourceIdentifier": "cna@vuldb.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-404"
        }
      ],
      "source": "cna@vuldb.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.