CVE-2025-29632: n/a

Severity: Medium
Type: Vulnerability
Published: Thu May 29 2025 (05/29/2025, 00:00:00 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: n/a

Description

Buffer Overflow vulnerability in Free5gc v.4.0.0 allows a remote attacker to cause a denial of service via the AMF, NGAP, security.go, handler_generated.go, handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, GetSecurityHeaderType components

AI-Powered Analysis

Last updated: 07/07/2025, 23:09:37 UTC

Technical Analysis

CVE-2025-29632 is a buffer overflow vulnerability identified in Free5gc version 4.0.0, an open-source 5G core network implementation. The vulnerability resides in multiple components related to the Access and Mobility Management Function (AMF) and the Next Generation Application Protocol (NGAP), specifically in the security.go and handler_generated.go files and in functions such as handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, and GetSecurityHeaderType. These components are responsible for processing initial UE (User Equipment) messages and decoding NAS (Non-Access Stratum) messages without integrity checks.

The buffer overflow can be triggered remotely without authentication or user interaction, allowing an attacker to cause a denial of service (DoS) condition by crashing or destabilizing the AMF service. The vulnerability is classified under CWE-120 (Classic Buffer Overflow), indicating improper bounds checking leading to memory corruption.

The CVSS v3.1 base score is 5.4 (medium severity), with an attack vector of network (AV:N), high attack complexity (AC:H), no privileges required (PR:N), no user interaction (UI:N), and a scope change (S:C). The impact affects confidentiality and integrity at a low level but does not affect availability directly, although the DoS effect impacts service availability indirectly. No known exploits are currently reported in the wild, and no patches have been published yet. The vulnerability's presence in core 5G network components makes it a significant concern for telecom operators and service providers deploying Free5gc in production environments.

Potential Impact

For European organizations, especially telecom operators and infrastructure providers deploying Free5gc or derivatives in their 5G core networks, this vulnerability poses a risk of service disruption through denial of service attacks. The AMF is a critical component managing mobility and session management for 5G UEs; its compromise or instability can lead to dropped connections, degraded network performance, and potential cascading failures in dependent network functions. Although the vulnerability does not directly allow data exfiltration or privilege escalation, the loss of integrity and confidentiality at a low level combined with service unavailability can impact customer trust, regulatory compliance (e.g., GDPR mandates on service reliability and data protection), and operational continuity. Given the increasing adoption of 5G in Europe for critical infrastructure, IoT, and enterprise services, disruptions could have broader economic and societal impacts. Additionally, the remote and unauthenticated nature of the exploit increases the attack surface, making it accessible to a wide range of threat actors, including nation-state adversaries and cybercriminals targeting telecom infrastructure.

Mitigation Recommendations

European organizations should prioritize the following mitigation steps:

1) Immediate code review and testing of Free5gc deployments to identify if version 4.0.0 or vulnerable forks are in use.
2) Implement network-level protections such as strict ingress filtering and anomaly detection on NGAP and AMF interfaces to detect and block malformed or suspicious NAS messages that could trigger the buffer overflow.
3) Employ runtime application self-protection (RASP) or memory safety tools to detect and prevent buffer overflow exploitation attempts.
4) Engage with the Free5gc community or vendors for timely patches or backported fixes once available; consider contributing to or monitoring open-source repositories for updates.
5) Harden the AMF and related network functions by isolating them in secure, monitored environments with limited exposure to untrusted networks.
6) Conduct regular security audits and penetration testing focused on 5G core components to identify similar vulnerabilities proactively.
7) Develop incident response plans specific to 5G core network disruptions to minimize downtime and impact in case of exploitation.
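The malformed-NAS filtering in step 2 comes down to checking a PDU's length against its declared header before any byte is indexed. The Go sketch below is an added example, not Free5gc code: `CheckNASHeader` and the sample PDUs are constructed for illustration, the 5GMM header layout follows 3GPP TS 24.501, and it assumes the NAS-PDU of an initial UE message is a 5GMM message; the page does not state which read is actually faulty.

```go
package main

import (
	"errors"
	"fmt"
)

const (
	epd5GMM         = 0x7E // extended protocol discriminator, 5GS mobility management
	plainHdrLen     = 3    // EPD + security header type + message type
	protectedHdrLen = 7    // EPD + security header type + 4-byte MAC + sequence number
)

var (
	ErrTooShort = errors.New("NAS PDU shorter than its header")
	ErrBadEPD   = errors.New("unexpected protocol discriminator")
	ErrBadSHT   = errors.New("unknown security header type")
)

// CheckNASHeader (hypothetical helper) validates lengths before any indexing
// and returns the security header type from the low nibble of octet 2.
func CheckNASHeader(pdu []byte) (uint8, error) {
	if len(pdu) < 2 {
		return 0, ErrTooShort
	}
	if pdu[0] != epd5GMM {
		return 0, ErrBadEPD
	}
	sht := pdu[1] & 0x0F
	switch {
	case sht == 0 && len(pdu) < plainHdrLen:
		return 0, ErrTooShort
	case sht > 4:
		return 0, ErrBadSHT
	case sht != 0 && len(pdu) < protectedHdrLen+plainHdrLen:
		return 0, ErrTooShort // protected PDU must still wrap a plain message
	}
	return sht, nil
}

func main() {
	// Constructed sample PDUs, not captured traffic.
	for _, p := range [][]byte{{}, {0x7E}, {0x7E, 0x00, 0x41}, {0x7E, 0x02, 0xAA}} {
		sht, err := CheckNASHeader(p)
		fmt.Printf("% x -> type=%d err=%v\n", p, sht, err)
	}
}
```

Rejected PDUs are worth logging with the source gNB identity, since repeated truncated initial UE messages from one peer are the anomaly the step asks operators to detect.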

Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-03-11T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 6838998d182aa0cae2870d21

Added to database: 5/29/2025, 5:29:49 PM

Last enriched: 7/7/2025, 11:09:37 PM

Last updated: 8/12/2025, 1:35:13 AM
