Vulnerability Description
A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The patch is identified as 8e5fed16114f2f5e40bee1b161914b592b2b7b8f. Applying a patch is advised to resolve this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open5Gs | Open5Gs | < 2.7.6 |
Related Weaknesses (CWE)
References
- https://github.com/ZHENGHAOHELLO/BugReport/blob/main/CVE-2025-9405Third Party Advisory
- https://github.com/open5gs/open5gs/commit/8e5fed16114f2f5e40bee1b161914b592b2b7bPatch
- https://github.com/open5gs/open5gs/issues/3947ExploitIssue Tracking
- https://github.com/open5gs/open5gs/issues/3947#issuecomment-3029992728Issue Tracking
- https://github.com/user-attachments/files/21013084/amf_udm-uecm.zipProduct
- https://vuldb.com/?ctiid.321241Permissions RequiredVDB Entry
- https://vuldb.com/?id.321241Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.633467Third Party AdvisoryVDB Entry
- https://github.com/open5gs/open5gs/issues/3947ExploitIssue Tracking
- https://github.com/open5gs/open5gs/issues/3947#issuecomment-3029992728Issue Tracking
- https://vuldb.com/?submit.633467Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-9405?
CVE-2025-9405 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion. It i...
How severe is CVE-2025-9405?
CVE-2025-9405 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-9405?
Check the references section above for vendor advisories and patch information. Affected products include: Open5Gs Open5Gs.