CVE-2025-55904: n/a

Medium
Published: Wed Sep 17 2025 (09/17/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the SBI of either AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, or UDR, resulting in a denial of service. This occurs in the parse_multipart function in lib/sbi/message.c.

AI-Powered Analysis

Last updated: 09/17/2025, 14:39:34 UTC

Technical Analysis

CVE-2025-55904 is a medium severity vulnerability affecting Open5GS version 2.7.5 and earlier, prior to a specific commit (67ba7f92bbd7a378954895d96d9d7b05d5b64615). Open5GS is an open-source implementation of the 5G core network, widely used for research, development, and some production environments. The vulnerability arises from a NULL pointer dereference in the parse_multipart function located in lib/sbi/message.c. Specifically, when a multipart/related HTTP POST request with an empty HTTP body is sent to the Service-Based Interface (SBI) of any of the core network functions—namely AMF (Access and Mobility Management Function), AUSF (Authentication Server Function), BSF (Binding Support Function), NRF (Network Repository Function), NSSF (Network Slice Selection Function), PCF (Policy Control Function), SMF (Session Management Function), UDM (Unified Data Management), or UDR (Unified Data Repository)—the system attempts to dereference a NULL pointer. This results in a denial of service (DoS) condition, causing the affected network function to crash or become unresponsive. The vulnerability is classified under CWE-476 (NULL Pointer Dereference), which typically leads to application crashes or system instability. The CVSS v3.1 base score is 4.0 (medium), reflecting that the attack vector is local (AV:L), with low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), and impacts only availability (A:L) without affecting confidentiality or integrity. No known exploits are reported in the wild, and no official patches are linked yet. However, the vulnerability poses a risk to the stability and availability of 5G core network functions if exploited, potentially disrupting mobile network services dependent on Open5GS deployments.

Potential Impact

For European organizations, especially telecom operators, research institutions, and enterprises deploying Open5GS for private 5G networks, this vulnerability could lead to partial or full denial of service of critical 5G core network functions. Disruption of AMF, SMF, or NRF services can degrade or halt subscriber mobility management, session management, and network function discovery, impacting end-user connectivity and service continuity. Given the increasing adoption of 5G infrastructure in Europe for industrial automation, smart cities, and critical communications, such outages could affect business operations, emergency services, and IoT deployments. Although the attack vector is local, meaning the attacker needs network access to the SBI endpoints, compromised internal systems or malicious insiders could exploit this to cause service interruptions. The lack of confidentiality or integrity impact reduces risks of data breaches, but availability degradation in telecom core functions can have cascading effects on dependent services and SLAs. The absence of known exploits suggests limited immediate threat, but proactive mitigation is essential to maintain network reliability and trust.

Mitigation Recommendations

European organizations should prioritize the following mitigations:

1) Upgrade Open5GS to versions including the fix after commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615 as soon as patches become available.
2) Implement strict input validation and filtering on the SBI endpoints to reject malformed or empty multipart/related HTTP POST requests before they reach vulnerable code paths.
3) Employ network segmentation and access controls to restrict access to SBI interfaces only to trusted internal systems and authenticated network functions, minimizing exposure to untrusted sources.
4) Monitor logs and network traffic for unusual multipart HTTP POST requests with empty bodies targeting SBI endpoints, enabling early detection of exploitation attempts.
5) Conduct regular security assessments and fuzz testing on Open5GS deployments to identify similar parsing vulnerabilities proactively.
6) Develop and test incident response plans to quickly recover affected network functions in case of DoS incidents.
7) Collaborate with the Open5GS community and vendors for timely updates and security advisories.

These measures go beyond generic advice by focusing on network-level protections, input validation, and operational readiness specific to the 5G core network context.
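The input validation in mitigation 2 can be sketched as a pre-parse guard in C that rejects a multipart/related request whose body is absent, the CWE-476 condition described under Technical Analysis. This is an added example, not Open5GS code or the upstream fix: `struct http_req`, `enum mp_status` and `check_multipart` are hypothetical names, and the Content-Type value is assumed to be lower-cased already by the HTTP layer.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical request view; names are illustrative, not Open5GS types. */
struct http_req {
    const char *content_type;  /* e.g. "multipart/related; boundary=abc" */
    const char *body;          /* NULL when the request carried no body */
    size_t body_len;
};

enum mp_status { MP_OK, MP_NOT_MULTIPART, MP_EMPTY_BODY, MP_NO_BOUNDARY, MP_MALFORMED };

/* Length-bounded substring search: the body is not NUL-terminated. */
static const char *find_mem(const char *hay, size_t hlen, const char *needle, size_t nlen)
{
    if (nlen == 0 || hlen < nlen) return NULL;
    for (size_t i = 0; i + nlen <= hlen; i++)
        if (memcmp(hay + i, needle, nlen) == 0) return hay + i;
    return NULL;
}

/* Reject bad multipart/related requests before any part parsing reads body. */
enum mp_status check_multipart(const struct http_req *req, size_t *parts_out)
{
    char delim[80] = "--";
    if (!req || !req->content_type ||
        strncmp(req->content_type, "multipart/related", 17) != 0)
        return MP_NOT_MULTIPART;
    /* The advisory's case: the header promises parts but the body is absent. */
    if (!req->body || req->body_len == 0)
        return MP_EMPTY_BODY;
    const char *b = strstr(req->content_type, "boundary=");
    if (!b) return MP_NO_BOUNDARY;
    b += 9;
    if (*b == '"') b++;
    size_t blen = strcspn(b, "\";\r\n ");
    if (blen == 0 || blen > 70) return MP_NO_BOUNDARY;  /* RFC 2046 length limit */
    memcpy(delim + 2, b, blen);
    size_t dlen = blen + 2, count = 0;
    const char *p = req->body, *end = req->body + req->body_len;
    while ((p = find_mem(p, (size_t)(end - p), delim, dlen)) != NULL) {
        count++;
        p += dlen;
    }
    /* N parts need N opening delimiters plus the closing "--boundary--". */
    if (count < 2) return MP_MALFORMED;
    if (parts_out) *parts_out = count - 1;
    return MP_OK;
}
```

A caller would answer anything other than `MP_OK` with an HTTP 400 and log the status, which also produces the empty-body signal that mitigation 4 asks operators to watch for.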


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-08-16T00:00:00.000Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68cac8129696ec3ac01d3cbd

Added to database: 9/17/2025, 2:39:14 PM

Last enriched: 9/17/2025, 2:39:34 PM

Last updated: 9/17/2025, 3:46:22 PM
