Vulnerability Description
A vulnerability was determined in Open5GS up to 2.7.5. This vulnerability affects the function smf_state_operational of the file src/smf/smf-sm.c of the component SMF. The manipulation of the argument stream leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version v2.7.6 is able to address this issue. The patch is identified as f168f7586a4fa536cee95ae60ac437d997f15b97. It is recommended to upgrade the affected component.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open5Gs | Open5Gs | < 2.7.6 |
Related Weaknesses (CWE)
References
- https://github.com/ZHENGHAOHELLO/BugReport/blob/main/CVE-2025-8802
- https://github.com/open5gs/open5gs/commit/f168f7586a4fa536cee95ae60ac437d997f15bPatch
- https://github.com/open5gs/open5gs/issues/3978Issue Tracking
- https://github.com/open5gs/open5gs/releases/tag/v2.7.6Release Notes
- https://github.com/user-attachments/files/21104269/5G_SMF.AMF_crash.zipExploit
- https://vuldb.com/?ctiid.319330Permissions RequiredVDB Entry
- https://vuldb.com/?id.319330Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.626122Third Party AdvisoryVDB Entry
- https://github.com/open5gs/open5gs/issues/3978Issue Tracking
FAQ
What is CVE-2025-8802?
CVE-2025-8802 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A vulnerability was determined in Open5GS up to 2.7.5. This vulnerability affects the function smf_state_operational of the file src/smf/smf-sm.c of the component SMF. The manipulation of the argument...
How severe is CVE-2025-8802?
CVE-2025-8802 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-8802?
Check the references section above for vendor advisories and patch information. Affected products include: Open5Gs Open5Gs.