CVE-2025-5501 is a medium-severity vulnerability affecting Open5GS versions 2.7.0 through 2.7.3. Open5GS is an open-source implementation of 5G core network components, widely used for research, development, and some production environments in mobile telecommunications. The vulnerability resides in the NGAP (Next Generation Application Protocol) PathSwitchRequest Message Handler, specifically in the function ngap_handle_path_switch_request_transfer within the source file src/smf/ngap-handler.c. This function processes PathSwitchRequest messages, which are critical for managing UE (User Equipment) mobility and session continuity during handover events in 5G networks. The vulnerability manifests as a reachable assertion failure triggered by crafted NGAP PathSwitchRequest messages. An assertion failure typically indicates that the program encounters an unexpected condition and aborts execution, potentially leading to denial of service (DoS) by crashing the affected component. The vulnerability can be exploited remotely without authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). Although the CVSS score is 6.9 (medium severity), the impact is primarily on availability due to potential service disruption. The vulnerability does not impact confidentiality or integrity directly. The exploit has been publicly disclosed, increasing the risk of exploitation, although no confirmed exploits in the wild have been reported yet. A patch has been developed and identified by commit 2daa44adab762c47a8cef69cc984946973a845b3, and it is strongly recommended to apply this update promptly to mitigate the risk. Given the critical role of Open5GS in 5G core networks, this vulnerability could disrupt mobile network operations if exploited.

For European organizations, especially telecommunications providers and infrastructure operators deploying Open5GS, this vulnerability poses a risk of service disruption. The NGAP PathSwitchRequest message is essential for handling mobility and session continuity in 5G networks; thus, exploitation could lead to denial of service conditions affecting user connectivity and network reliability. This could degrade customer experience, cause financial losses, and impact critical communications services. Additionally, organizations relying on Open5GS for private 5G networks in industrial, governmental, or research contexts may face operational interruptions. While the vulnerability does not directly compromise data confidentiality or integrity, the availability impact on 5G core network functions could have cascading effects on dependent services and applications. Given the remote and unauthenticated nature of the exploit, attackers could target vulnerable systems from outside the network perimeter, increasing the threat surface. The public disclosure of the exploit details further elevates the urgency for European entities to assess and remediate affected systems to maintain network stability and service continuity.

1. Immediate application of the official patch identified by commit 2daa44adab762c47a8cef69cc984946973a845b3 to all Open5GS deployments running affected versions (2.7.0 to 2.7.3). 2. Implement network-level filtering to restrict and monitor NGAP traffic, allowing only trusted and authenticated sources to communicate with the 5G core network components. 3. Deploy intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect anomalous or malformed NGAP PathSwitchRequest messages indicative of exploitation attempts. 4. Conduct thorough testing of patched systems in staging environments to ensure stability and compatibility before production deployment. 5. Maintain up-to-date asset inventories to identify all Open5GS instances and ensure comprehensive patch coverage. 6. Establish monitoring and alerting for unexpected service interruptions or crashes in the SMF (Session Management Function) components handling NGAP messages. 7. Engage with vendors and community forums for ongoing updates and best practices related to Open5GS security. 8. Consider network segmentation and zero-trust principles to limit exposure of core network functions to untrusted networks.