Vulnerability Description
A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open5Gs | Open5Gs | <= 2.7.3 |
Related Weaknesses (CWE)
References
- https://github.com/open5gs/open5gs/commit/2daa44adab762c47a8cef69cc984946973a845Patch
- https://github.com/open5gs/open5gs/issues/3909ExploitIssue TrackingVendor Advisory
- https://github.com/open5gs/open5gs/issues/3909#issuecomment-2926682623Issue TrackingVendor Advisory
- https://github.com/user-attachments/files/20362183/AMF.crash.due.to.pathswitchreNot Applicable
- https://vuldb.com/?ctiid.310915Permissions RequiredVDB Entry
- https://vuldb.com/?id.310915Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.582265Third Party AdvisoryVDB Entry
- https://github.com/open5gs/open5gs/issues/3909ExploitIssue TrackingVendor Advisory
FAQ
What is CVE-2025-5501?
CVE-2025-5501 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c o...
How severe is CVE-2025-5501?
CVE-2025-5501 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-5501?
Check the references section above for vendor advisories and patch information. Affected products include: Open5Gs Open5Gs.