Open5gs

Open5gs

116 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-65559

Exploit
  • EPSS 0.08%
  • Veröffentlicht 18.12.2025 00:00:00
  • Zuletzt bearbeitet 06.01.2026 20:01:32

An issue was discovered in Open5GS 2.7.5-49-g465e90f, when processing a PFCP Session Establishment Request (type=50), the UPF crashes with a reachable assertion in `lib/pfcp/context.c` (`ogs_pfcp_object_teid_hash_set`) if the CreatePDR?PDI?F-TEID has...

7.5

CVE-2025-63288

  • EPSS 0.08%
  • Veröffentlicht 10.11.2025 19:15:57
  • Zuletzt bearbeitet 11.12.2025 23:30:00

In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service.

7.5

CVE-2025-41068

  • EPSS 0.04%
  • Veröffentlicht 27.10.2025 12:47:57
  • Zuletzt bearbeitet 29.10.2025 11:15:44

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. ...

7.5

CVE-2025-41067

  • EPSS 0.04%
  • Veröffentlicht 27.10.2025 12:47:32
  • Zuletzt bearbeitet 29.10.2025 11:15:44

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request that deletes the NRF's own registry causes a check that ends up crashing the NRF process and r...

4

CVE-2025-55904

Exploit
  • EPSS 0.07%
  • Veröffentlicht 17.09.2025 00:00:00
  • Zuletzt bearbeitet 23.09.2025 15:45:10

Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the SBI of either AMF, AUSF, BSF, NRF, NSSF, PCF, SMF,...

7.5

CVE-2025-52322

Exploit
  • EPSS 0.32%
  • Veröffentlicht 09.09.2025 00:00:00
  • Zuletzt bearbeitet 17.10.2025 20:19:05

An issue in Open5GS v2.7.2 and before allows a remote attacker to cause a denial of service via a crafted Create Session Request message to the SMF (PGW-C), using the IP address of a legitimate UE in the PDN Address Allocation (PAA) field

7.5

CVE-2025-52288

Exploit
  • EPSS 0.22%
  • Veröffentlicht 08.09.2025 00:00:00
  • Zuletzt bearbeitet 09.10.2025 18:19:21

Assertion failure in function ngap_build_downlink_nas_transport in file src/amf/ngap-build.c, the Access and Mobility Management Function (AMF) component, in Open5GS thru 2.7.5 allowing attackers to cause a denial of service or other unspecified impa...

5.5

CVE-2025-9405

Exploit
  • EPSS 0.11%
  • Veröffentlicht 25.08.2025 03:02:08
  • Zuletzt bearbeitet 02.09.2025 18:17:59

A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The expl...

7.5

CVE-2025-8805

Exploit
  • EPSS 0.5%
  • Veröffentlicht 10.08.2025 10:32:08
  • Zuletzt bearbeitet 15.08.2025 14:15:30

A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched ...

7.5

CVE-2025-8804

Exploit
  • EPSS 0.32%
  • Veröffentlicht 10.08.2025 10:02:08
  • Zuletzt bearbeitet 15.08.2025 14:15:30

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ngap_build_downlink_nas_transport of the component AMF. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit h...