CVE-2025-8804

Exploit

EPSS 0.73%
Veröffentlicht 10.08.2025 10:02:08
Zuletzt bearbeitet 15.08.2025 14:15:30
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

Open5GS AMF ngap_build_downlink_nas_transport assertion

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ngap_build_downlink_nas_transport of the component AMF. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The identifier of the patch is bca0a7b6e01d254f4223b83831162566d4626428. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 1 Referenzen 13

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Open5gs ≫ Open5gs Version < 2.7.6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.73%	0.492

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cna@vuldb.com	5.5	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://github.com/open5gs/open5gs/releases/tag/v2.7.6

Release Notes

https://vuldb.com/?id.319333

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.319333

VDB Entry

Permissions Required

https://vuldb.com/?submit.626124

Third Party Advisory

VDB Entry

https://github.com/open5gs/open5gs/issues/3950

Issue Tracking

https://github.com/open5gs/open5gs/issues/3950#issuecomment-3034693457

Issue Tracking

https://github.com/user-attachments/files/21030801/newdata_for_ngap.zip

Exploit

https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428

Patch

https://github.com/ZHENGHAOHELLO/BugReport/blob/main/CVE-2025-8804

https://vuldb.com/?submit.625698

https://nvd.nist.gov/vuln/detail/CVE-2025-8804

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-8804

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-8804

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-8804