CVE-2025-41067: CWE-617 Reachable Assertion in NewPlane Open5GS
Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request that deletes the NRF's own registry causes a check that ends up crashing the NRF process and renders the discovery service unavailable.
AI Analysis
Technical Summary
CVE-2025-41067 is a reachable assertion vulnerability classified under CWE-617 affecting NewPlane's Open5GS product, specifically versions up to 2.7.6. Open5GS is an open-source 5G core network implementation widely used for 5G network functions, including the Network Repository Function (NRF), which manages service discovery and registration within the 5G core. The vulnerability arises when an attacker with network connectivity to the NRF sends a Service-Based Interface (SBI) request designed to delete the NRF's own registry data. This triggers an assertion check within the NRF code that is reachable and fails, causing the NRF process to crash. The crash results in a denial of service (DoS) condition, rendering the discovery service unavailable and potentially disrupting 5G core network operations dependent on the NRF. The vulnerability requires no privileges, authentication, or user interaction, making it remotely exploitable with low complexity. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L) indicates network attack vector, low attack complexity, no privileges or user interaction required, no impact on confidentiality or integrity, but high impact on availability. No patches or mitigations have been published at the time of disclosure, and no known exploits are reported in the wild. This vulnerability highlights a critical weakness in input validation and error handling in the NRF component of Open5GS, which could be leveraged to disrupt 5G network services.
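The failure mode described above, reduced to a minimal C model: a handler that enforces "never delete our own entry" with assert(), next to one that answers with an error status. This is an added example, not Open5GS source code; the identifiers, the registry layout and the 403 status are assumptions made for illustration.

```c
#include <assert.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define SELF_ID "nrf-self"   /* hypothetical instance id of this NRF */
static const char *registry[] = { SELF_ID, "amf-1", "smf-1" };  /* constructed data */
static int present[] = { 1, 1, 1 };

static int find_entry(const char *id) {
    for (int i = 0; i < 3; i++)
        if (present[i] && strcmp(registry[i], id) == 0) return i;
    return -1;
}

/* Weak form: an invariant over request-controlled data is enforced with assert(). */
int delete_instance_asserting(const char *id) {
    int i = find_entry(id);
    if (i < 0) return 404;
    assert(strcmp(id, SELF_ID) != 0);   /* reachable from a request: abort() */
    present[i] = 0;
    return 204;
}

/* Hardened form: the same invariant, answered with an error status instead. */
int delete_instance_checked(const char *id) {
    int i = find_entry(id);
    if (i < 0) return 404;
    if (strcmp(id, SELF_ID) == 0) return 403;   /* status choice is an assumption */
    present[i] = 0;
    return 204;
}

/* Run the asserting handler in a child process; 1 means it died from SIGABRT. */
int asserting_handler_aborts(const char *id) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { delete_instance_asserting(id); _exit(0); }
    int status = 0;
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

int main(void) {
    printf("asserting handler aborted: %d\n", asserting_handler_aborts(SELF_ID));
    printf("checked handler status: %d\n", delete_instance_checked(SELF_ID));
    return 0;
}
```

The asserting handler takes the whole process down on one request, while the checked handler rejects the same request and keeps serving.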
Potential Impact
The primary impact of CVE-2025-41067 is a denial of service on the NRF component of Open5GS, which is critical for 5G core network service discovery and registration. For European organizations, especially telecom operators and 5G service providers relying on Open5GS, this can lead to significant network disruptions, affecting service availability for end-users and enterprise customers. Disruption of the NRF can cascade to other 5G core functions that depend on it, potentially degrading overall network performance and reliability. This could impact critical communications infrastructure, emergency services, and industrial IoT applications that rely on 5G connectivity. The lack of authentication and ease of exploitation increase the risk of opportunistic or targeted attacks. Given the strategic importance of 5G networks in Europe’s digital economy and public safety, this vulnerability poses a substantial operational risk. Additionally, denial of service conditions can lead to financial losses, reputational damage, and regulatory scrutiny under European data protection and telecom regulations.
Mitigation Recommendations
Until an official patch is released, European organizations should:
- Implement strict network segmentation and access controls to limit connectivity to the NRF interface only to trusted internal systems and management networks.
- Deploy firewall rules or network ACLs to block unauthorized SBI requests targeting the NRF.
- Monitor network traffic for anomalous SBI delete requests or unexpected registry modification attempts.
- Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics tuned to detect suspicious NRF interactions.
- Consider deploying redundancy and failover mechanisms for the NRF to minimize service disruption in case of crashes.
- Engage with NewPlane and the Open5GS community for updates and patches, and plan for rapid deployment once available.
- Conduct thorough security assessments and penetration testing focused on 5G core components to identify similar weaknesses.
- Document incident response procedures specifically for NRF service outages to ensure rapid recovery.
- Maintain up-to-date backups of NRF registry data if feasible to aid in recovery.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland
Technical Details
- Data Version: 5.1
- Assigner Short Name: INCIBE
- Date Reserved: 2025-04-16T09:09:34.457Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68ff6edbba6dffc5e2f97671
Added to database: 10/27/2025, 1:08:43 PM
Last enriched: 11/3/2025, 2:08:16 PM
Last updated: 12/11/2025, 10:00:36 AM