5.5

CVE-2025-9405

Exploit

Open5GS gmm-sm.c gmm_state_exception assertion

A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The patch is identified as 8e5fed16114f2f5e40bee1b161914b592b2b7b8f. Applying a patch is advised to resolve this issue.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Open5gsOpen5gs Version < 2.7.6
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.58% 0.432
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@vuldb.com 5.5 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://vuldb.com/?id.321241
Third Party Advisory
VDB Entry
https://vuldb.com/?ctiid.321241
VDB Entry
Permissions Required
https://vuldb.com/?submit.633467
Third Party Advisory
VDB Entry
https://github.com/open5gs/open5gs/issues/3947
Exploit
Issue Tracking
https://github.com/open5gs/open5gs/issues/3947#issuecomment-3029992728
Issue Tracking
https://github.com/user-attachments/files/21013084/amf_udm-uecm.zip
Product
https://github.com/open5gs/open5gs/commit/8e5fed16114f2f5e40bee1b161914b592b2b7b8f
Patch
https://github.com/ZHENGHAOHELLO/BugReport/blob/main/CVE-2025-9405
Third Party Advisory