
CVE-2025-5501: Reachable Assertion in Open5GS

Severity: Medium
Tags: Vulnerability, CVE-2025-5501
Published: Tue Jun 03 2025 (06/03/2025, 14:00:21 UTC)
Source: CVE Database V5
Vendor/Project: n/a
Product: Open5GS

Description

A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue.

AI-Powered Analysis

Last updated: 07/11/2025, 07:03:22 UTC

Technical Analysis

CVE-2025-5501 is a medium-severity vulnerability affecting Open5GS versions 2.7.0 through 2.7.3. Open5GS is an open-source implementation of 5G core network components, widely used for research, development, and some production environments in mobile telecommunications. The vulnerability resides in the NGAP (Next Generation Application Protocol) PathSwitchRequest Message Handler, specifically in the function ngap_handle_path_switch_request_transfer within the source file src/smf/ngap-handler.c. This function processes PathSwitchRequest messages, which are critical for managing UE (User Equipment) mobility and session continuity during handover events in 5G networks.

The vulnerability manifests as a reachable assertion failure triggered by crafted NGAP PathSwitchRequest messages. An assertion failure typically indicates that the program encounters an unexpected condition and aborts execution, potentially leading to denial of service (DoS) by crashing the affected component. The vulnerability can be exploited remotely without authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/PR:N/UI:N). Although the CVSS score is 6.9 (medium severity), the impact is primarily on availability due to potential service disruption. The vulnerability does not impact confidentiality or integrity directly.

The exploit has been publicly disclosed, increasing the risk of exploitation, although no confirmed exploits in the wild have been reported yet. A patch has been developed and identified by commit 2daa44adab762c47a8cef69cc984946973a845b3, and it is strongly recommended to apply this update promptly to mitigate the risk. Given the critical role of Open5GS in 5G core networks, this vulnerability could disrupt mobile network operations if exploited.

Potential Impact

For European organizations, especially telecommunications providers and infrastructure operators deploying Open5GS, this vulnerability poses a risk of service disruption. The NGAP PathSwitchRequest message is essential for handling mobility and session continuity in 5G networks; thus, exploitation could lead to denial of service conditions affecting user connectivity and network reliability. This could degrade customer experience, cause financial losses, and impact critical communications services. Additionally, organizations relying on Open5GS for private 5G networks in industrial, governmental, or research contexts may face operational interruptions. While the vulnerability does not directly compromise data confidentiality or integrity, the availability impact on 5G core network functions could have cascading effects on dependent services and applications. Given the remote and unauthenticated nature of the exploit, attackers could target vulnerable systems from outside the network perimeter, increasing the threat surface. The public disclosure of the exploit details further elevates the urgency for European entities to assess and remediate affected systems to maintain network stability and service continuity.

Mitigation Recommendations

1. Immediate application of the official patch identified by commit 2daa44adab762c47a8cef69cc984946973a845b3 to all Open5GS deployments running affected versions (2.7.0 to 2.7.3).
2. Implement network-level filtering to restrict and monitor NGAP traffic, allowing only trusted and authenticated sources to communicate with the 5G core network components.
3. Deploy intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics to detect anomalous or malformed NGAP PathSwitchRequest messages indicative of exploitation attempts.
4. Conduct thorough testing of patched systems in staging environments to ensure stability and compatibility before production deployment.
5. Maintain up-to-date asset inventories to identify all Open5GS instances and ensure comprehensive patch coverage.
6. Establish monitoring and alerting for unexpected service interruptions or crashes in the SMF (Session Management Function) components handling NGAP messages.
7. Engage with vendors and community forums for ongoing updates and best practices related to Open5GS security.
8. Consider network segmentation and zero-trust principles to limit exposure of core network functions to untrusted networks.
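
For recommendation 6, the following added example (not part of the original advisory or of Open5GS) scans log lines for assertion aborts and flags those that name the function or file from this CVE. The fatal-log layout and the `open5gs-<nf>d.service` unit naming are assumptions about the deployment, and the sample lines are constructed.

```python
import re
from collections import Counter

# Names taken from the advisory text.
WATCHED_FUNC = "ngap_handle_path_switch_request_transfer"
WATCHED_FILE = "src/smf/ngap-handler.c"

# Assumed Open5GS fatal-log layout:
#   [<domain>] FATAL: <func>: Assertion `<expr>' failed. (<file>:<line>)
ASSERT_RE = re.compile(
    r"\[(?P<domain>\w+)\] FATAL: (?P<func>\w+): Assertion `(?P<expr>[^']*)' failed\. "
    r"\((?P<file>[^:)]+):(?P<line>\d+)\)"
)
# abort() after a failed assertion shows up in the systemd journal as SIGABRT.
# Unit naming (open5gs-<nf>d.service) is an assumption about the deployment.
ABORT_RE = re.compile(
    r"(?P<unit>open5gs-\w+)\.service: Main process exited, "
    r"code=(?:dumped|killed), status=6/ABRT"
)

# Constructed sample input: expression names and line numbers are placeholders.
SAMPLE_LOG = """\
06/03 14:01:10.101: [smf] INFO: constructed informational line (../src/smf/context.c:0)
06/03 14:01:12.554: [smf] FATAL: ngap_handle_path_switch_request_transfer: Assertion `constructed_condition' failed. (../src/smf/ngap-handler.c:0)
Jun 03 14:01:12 core1 systemd[1]: open5gs-smfd.service: Main process exited, code=dumped, status=6/ABRT
Jun 03 14:01:17 core1 systemd[1]: open5gs-smfd.service: Scheduled restart job, restart counter is at 1.
06/03 14:05:40.002: [amf] FATAL: some_other_handler: Assertion `constructed_condition' failed. (../src/amf/constructed.c:0)
""".splitlines()

def scan(lines):
    """Return (assertion findings, SIGABRT count per systemd unit)."""
    findings, aborts = [], Counter()
    for lineno, line in enumerate(lines, 1):
        m = ASSERT_RE.search(line)
        if m:
            related = (m["func"] == WATCHED_FUNC
                       or m["file"].endswith(WATCHED_FILE))
            findings.append({"lineno": lineno, "domain": m["domain"],
                             "func": m["func"], "cve_related": related})
            continue
        m = ABORT_RE.search(line)
        if m:
            aborts[m["unit"]] += 1
    return findings, dict(aborts)

if __name__ == "__main__":
    findings, aborts = scan(SAMPLE_LOG)
    for f in findings:
        tag = "CVE-2025-5501 candidate" if f["cve_related"] else "other assertion"
        print(f"line {f['lineno']}: [{f['domain']}] {f['func']} -> {tag}")
    print("SIGABRT exits per unit:", aborts)
```

Repeated SIGABRT exits of the SMF unit on a patched build point to a different assertion and should be triaged separately.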


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-06-03T05:20:34.328Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 683f034b182aa0cae27e66e6

Added to database: 6/3/2025, 2:14:35 PM

Last enriched: 7/11/2025, 7:03:22 AM

Last updated: 8/17/2025, 1:29:54 PM
