CVE-2025-7485

EPSS 0.02%
Veröffentlicht 12.07.2025 18:32:07
Zuletzt bearbeitet 15.07.2025 13:14:24
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellern/a

≫

Produkt Open5GS

Version 2.7.0

Status affected

Version 2.7.1

Status affected

Version 2.7.2

Status affected

Version 2.7.3

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.027

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	4.8	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	1.7	3.1	2.9	AV:L/AC:L/Au:S/C:N/I:N/A:P

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://vuldb.com/?id.316135

https://vuldb.com/?ctiid.316135

https://vuldb.com/?submit.610601

https://github.com/open5gs/open5gs/issues/3878/

https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136

https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d

https://nvd.nist.gov/vuln/detail/CVE-2025-7485

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-7485

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-7485

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-7485