CVE-2025-5501: Reachable Assertion in Open5GS
A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer in the file src/smf/ngap-handler.c, part of the NGAP PathSwitchRequest Message Handler. Manipulation of the handler's input leads to a reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified by commit 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply the patch to fix this issue.
AI Analysis
Technical Summary
CVE-2025-5501 is a medium-severity vulnerability affecting Open5GS versions 2.7.0 through 2.7.3. Open5GS is an open-source implementation of 5G core network components, widely used for research, development, and some production environments in mobile telecommunications. The vulnerability resides in the NGAP (Next Generation Application Protocol) PathSwitchRequest Message Handler, specifically in the function ngap_handle_path_switch_request_transfer within the source file src/smf/ngap-handler.c. This function processes PathSwitchRequest messages, which are critical for managing UE (User Equipment) mobility and session continuity during handover events in 5G networks. The vulnerability manifests as a reachable assertion failure triggered by crafted NGAP PathSwitchRequest messages. An assertion failure typically indicates that the program encounters an unexpected condition and aborts execution, potentially leading to denial of service (DoS) by crashing the affected component. The vulnerability can be exploited remotely without authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). Although the CVSS score is 6.9 (medium severity), the impact is primarily on availability due to potential service disruption. The vulnerability does not impact confidentiality or integrity directly. The exploit has been publicly disclosed, increasing the risk of exploitation, although no confirmed exploits in the wild have been reported yet. A patch has been developed and identified by commit 2daa44adab762c47a8cef69cc984946973a845b3, and it is strongly recommended to apply this update promptly to mitigate the risk. Given the critical role of Open5GS in 5G core networks, this vulnerability could disrupt mobile network operations if exploited.
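The defect class described above, an assertion that can be made to fail by input arriving from the network, is illustrated by the following added example. It is not Open5GS code and does not model the actual field checked by the CVE-2025-5501 assertion (the page does not name it); the message layout, the REACHABLE_ASSERT macro, the MAX_QOS_FLOWS limit and both handler functions are hypothetical. The vulnerable handler trusts a peer-supplied count through an assertion, so a single bad message takes the whole process down; the hardened handler validates the count, rejects the message and keeps serving. Because a real assertion calls abort(), the macro here records the abort and returns a result code instead, so the example can run.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_QOS_FLOWS 8

/* Hypothetical, simplified shape of the transfer IE carried in a
 * PathSwitchRequest. This is NOT Open5GS code and NOT the field the
 * CVE-2025-5501 assertion checks. */
typedef struct {
    uint32_t num_qos_flows;               /* count supplied by the peer */
    uint8_t  qos_flow_id[MAX_QOS_FLOWS];  /* fixed-size storage */
} path_switch_transfer_t;

typedef enum {
    HANDLER_OK = 0,
    HANDLER_REJECTED = 1,  /* message dropped, process keeps running */
    HANDLER_ABORTED = 2    /* stands in for abort(): the process would die */
} handler_result_t;

/* Stand-in for an assert-style macro. A real assertion calls abort();
 * here the abort is counted and reported so the example can run. */
static int simulated_aborts = 0;
#define REACHABLE_ASSERT(cond)          \
    do {                                \
        if (!(cond)) {                  \
            simulated_aborts++;         \
            return HANDLER_ABORTED;     \
        }                               \
    } while (0)

/* Vulnerable pattern: a value that came off the wire is checked only by
 * an assertion. Any peer able to reach the NGAP endpoint can make the
 * check fail, and the whole SMF goes down with it (remote DoS). */
handler_result_t handle_transfer_vulnerable(const path_switch_transfer_t *msg)
{
    uint8_t accepted[MAX_QOS_FLOWS];
    REACHABLE_ASSERT(msg->num_qos_flows <= MAX_QOS_FLOWS);
    memcpy(accepted, msg->qos_flow_id, msg->num_qos_flows);
    return HANDLER_OK;
}

/* Hardened pattern: protocol input is validated as data, the bad message
 * is logged and rejected, and the process continues serving other UEs. */
handler_result_t handle_transfer_hardened(const path_switch_transfer_t *msg)
{
    uint8_t accepted[MAX_QOS_FLOWS];
    if (msg->num_qos_flows > MAX_QOS_FLOWS) {
        fprintf(stderr, "rejecting PathSwitchRequest transfer: %u QoS flows (max %d)\n",
                msg->num_qos_flows, MAX_QOS_FLOWS);
        return HANDLER_REJECTED;
    }
    memcpy(accepted, msg->qos_flow_id, msg->num_qos_flows);
    return HANDLER_OK;
}

/* Constructed sample messages: a well-formed one and one with an
 * out-of-range count, as a malformed peer might send. */
path_switch_transfer_t make_transfer(uint32_t num_flows)
{
    path_switch_transfer_t m;
    memset(&m, 0, sizeof(m));
    m.num_qos_flows = num_flows;
    for (int i = 0; i < MAX_QOS_FLOWS; i++)
        m.qos_flow_id[i] = (uint8_t)(i + 1);
    return m;
}

int main(void)
{
    path_switch_transfer_t good = make_transfer(3);
    path_switch_transfer_t bad = make_transfer(200);
    printf("vulnerable/good: %d\n", handle_transfer_vulnerable(&good));
    printf("vulnerable/bad:  %d (simulated abort)\n", handle_transfer_vulnerable(&bad));
    printf("hardened/good:   %d\n", handle_transfer_hardened(&good));
    printf("hardened/bad:    %d (rejected, still running)\n", handle_transfer_hardened(&bad));
    return 0;
}
```

The point for code review is the one the advisory makes: assertions are for invariants the program itself guarantees, never for values a remote peer controls. The mitigation item on monitoring SMF crashes follows from the same observation, since an assertion-triggered abort shows up as an unexpected process exit rather than as a protocol error in the logs.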
Potential Impact
For European organizations, especially telecommunications providers and infrastructure operators deploying Open5GS, this vulnerability poses a risk of service disruption. The NGAP PathSwitchRequest message is essential for handling mobility and session continuity in 5G networks; thus, exploitation could lead to denial of service conditions affecting user connectivity and network reliability. This could degrade customer experience, cause financial losses, and impact critical communications services. Additionally, organizations relying on Open5GS for private 5G networks in industrial, governmental, or research contexts may face operational interruptions. While the vulnerability does not directly compromise data confidentiality or integrity, the availability impact on 5G core network functions could have cascading effects on dependent services and applications. Given the remote and unauthenticated nature of the exploit, attackers could target vulnerable systems from outside the network perimeter, increasing the threat surface. The public disclosure of the exploit details further elevates the urgency for European entities to assess and remediate affected systems to maintain network stability and service continuity.
Mitigation Recommendations
1. Immediate application of the official patch identified by commit 2daa44adab762c47a8cef69cc984946973a845b3 to all Open5GS deployments running affected versions (2.7.0 to 2.7.3).
2. Implement network-level filtering to restrict and monitor NGAP traffic, allowing only trusted and authenticated sources to communicate with the 5G core network components.
3. Deploy intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect anomalous or malformed NGAP PathSwitchRequest messages indicative of exploitation attempts.
4. Conduct thorough testing of patched systems in staging environments to ensure stability and compatibility before production deployment.
5. Maintain up-to-date asset inventories to identify all Open5GS instances and ensure comprehensive patch coverage.
6. Establish monitoring and alerting for unexpected service interruptions or crashes in the SMF (Session Management Function) components handling NGAP messages.
7. Engage with vendors and community forums for ongoing updates and best practices related to Open5GS security.
8. Consider network segmentation and zero-trust principles to limit exposure of core network functions to untrusted networks.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-03T05:20:34.328Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 683f034b182aa0cae27e66e6
Added to database: 6/3/2025, 2:14:35 PM
Last enriched: 7/11/2025, 7:03:22 AM
Last updated: 8/17/2025, 1:29:54 PM