
CVE-2025-41068: CWE-617 Reachable Assertion in NewPlane Open5GS

Severity: High
Published: Mon Oct 27 2025 (10/27/2025, 12:47:57 UTC)
Source: CVE Database V5
Vendor/Project: NewPlane
Product: Open5GS

Description

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending a request via SBI to create an NF with an invalid type and then requesting its data. The NRF executes a check that crashes the process, leaving the discovery service unresponsive.

AI-Powered Analysis

Last updated: 11/03/2025, 14:08:34 UTC

Technical Analysis

CVE-2025-41068 is a reachable assertion vulnerability identified in the Open5GS project, specifically affecting versions up to 2.7.6. Open5GS is an open-source implementation of the 5G core network, widely used for research, testing, and in some production environments. The vulnerability resides in the Network Repository Function (NRF), which is responsible for service discovery and registration of Network Functions (NFs) within the 5G core. An attacker with network connectivity to the NRF can exploit this flaw by sending a crafted request to create an NF with an invalid or unexpected type via the Service-Based Interface (SBI). Subsequently, when the attacker requests data related to this NF, the NRF performs an assertion check that fails due to the invalid NF type, causing the NRF process to crash. This crash leads to a denial of service (DoS) condition, making the NRF unavailable and disrupting the discovery and registration services critical for 5G core operations. The vulnerability requires no authentication or user interaction, making it remotely exploitable with low complexity. The CVSS 4.0 score of 8.7 reflects the high impact on availability and the ease of exploitation. While no public exploits have been reported yet, the nature of the vulnerability poses a significant risk to the stability of 5G networks relying on Open5GS. The lack of available patches at the time of publication increases the urgency for operators to implement interim mitigations or monitor for suspicious activity targeting the NRF.
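
The pattern described above, as an added example that is not Open5GS source code (the type names, function names and status codes are assumptions): a registration path that stores an unparsed NF type and a read path that asserts on it, next to a version that rejects the type at registration and returns an error status on read.

```c
#include <assert.h>
#include <stdio.h>
#include <string.h>
/* Illustrative subset of NF types; names are assumptions, not Open5GS identifiers. */
typedef enum { NF_NULL = 0, NF_NRF, NF_AMF, NF_SMF, NF_UPF } nf_type_t;
typedef struct { char id[37]; nf_type_t type; } nf_profile_t;

/* Map the type string from a request body to the enum; NF_NULL means "unknown". */
static nf_type_t nf_type_from_string(const char *s) {
    static const char *names[] = { NULL, "NRF", "AMF", "SMF", "UPF" };
    for (int t = NF_NRF; s && t <= NF_UPF; t++)
        if (strcmp(s, names[t]) == 0) return (nf_type_t)t;
    return NF_NULL;
}

static void store(nf_profile_t *p, const char *id, nf_type_t t) {
    snprintf(p->id, sizeof p->id, "%s", id);
    p->type = t;
}

/* Flawed registration: stores the profile even when the type did not parse. */
int register_unchecked(nf_profile_t *p, const char *id, const char *type) {
    store(p, id, nf_type_from_string(type));
    return 201;
}

/* Flawed read: remote input treated as an invariant; a bad type abort()s the process. */
int get_asserting(const nf_profile_t *p) {
    assert(p->type != NF_NULL);
    return 200;
}

/* Hardened registration: reject the request at the trust boundary. */
int register_checked(nf_profile_t *p, const char *id, const char *type) {
    nf_type_t t = nf_type_from_string(type);
    if (!id || t == NF_NULL) return 400;
    store(p, id, t);
    return 201;
}

/* Hardened read: a record that fails the check yields an error status, not a crash. */
int get_checked(const nf_profile_t *p) {
    return (p && p->type != NF_NULL) ? 200 : 500;
}

int main(void) {
    nf_profile_t p = {0};
    printf("%d %d\n", register_checked(&p, "nf-1", "AMF"), register_checked(&p, "nf-2", "BOGUS"));
}
```

Assertions remain appropriate for conditions that only a programming error can violate; anything derived from a network request needs an error path instead.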

Potential Impact

The primary impact of CVE-2025-41068 is a denial of service against the NRF component of the 5G core network, which is essential for the discovery and registration of network functions. For European organizations, particularly telecom operators and service providers deploying Open5GS or similar open-source 5G core solutions, this vulnerability could lead to significant service disruptions. The NRF becoming unresponsive can cause cascading failures in network function discovery, impairing the overall 5G core functionality, potentially affecting subscriber connectivity, service delivery, and network management. This disruption could degrade user experience, impact critical communications, and cause financial and reputational damage. Given the increasing reliance on 5G for industrial, governmental, and consumer applications across Europe, the availability of the core network is paramount. Furthermore, attackers exploiting this vulnerability do not require authentication, increasing the risk of opportunistic attacks. The absence of known exploits in the wild currently provides a window for mitigation, but the high severity score indicates that exploitation could have widespread consequences if weaponized.

Mitigation Recommendations

1. Immediate network segmentation and access control: Restrict network access to the NRF service to trusted management and network functions only, minimizing exposure to untrusted networks.
2. Implement strict input validation and filtering at the network perimeter to block malformed or suspicious SBI requests attempting to create NFs with invalid types.
3. Monitor NRF logs and network traffic for anomalous requests that attempt to create or query NFs with unexpected or invalid parameters.
4. Engage with the Open5GS community and vendor to obtain patches or updates addressing this vulnerability as soon as they become available.
5. Consider deploying redundancy and failover mechanisms for the NRF to maintain service availability in case of crashes.
6. Conduct regular security assessments and penetration testing focused on the 5G core components to identify and remediate similar vulnerabilities proactively.
7. Develop incident response plans specific to 5G core network disruptions to minimize downtime and coordinate rapid recovery.
8. Where possible, apply runtime protections such as sandboxing or process isolation for the NRF to limit the impact of crashes.
9. Keep all 5G core network components updated with the latest security patches and advisories from vendors and open-source projects.


Technical Details

Data Version: 5.1
Assigner Short Name: INCIBE
Date Reserved: 2025-04-16T09:09:34.458Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68ff6edbba6dffc5e2f97675

Added to database: 10/27/2025, 1:08:43 PM

Last enriched: 11/3/2025, 2:08:34 PM

Last updated: 12/12/2025, 4:16:06 AM
