CVE-2025-57446 is a denial of service (DoS) vulnerability identified in the O-RAN Near Real-time RIC (RAN Intelligent Controller) component named ric-plt-submgr, specifically within the Subscription Manager API in the J-Release environment. The O-RAN architecture is an open and interoperable radio access network framework designed to enable more flexible and intelligent 5G network management. The Near Real-time RIC is a critical component responsible for managing and optimizing radio resources with low latency. The vulnerability allows remote attackers to send specially crafted requests to the Subscription Manager API, which handles subscription-related operations within the ric-plt-submgr module. Exploiting this flaw can cause the targeted component to crash or become unresponsive, resulting in a denial of service condition. This disruption can degrade or interrupt the functionality of the Near Real-time RIC, potentially impacting the overall performance and reliability of the 5G RAN infrastructure that relies on it. The vulnerability does not currently have a CVSS score, no patches or mitigations have been published yet, and there are no known exploits in the wild. The lack of version specifics suggests the issue may affect multiple or all versions of the J-Release environment of the ric-plt-submgr. Given the critical role of the Near Real-time RIC in managing radio resources and network intelligence, a DoS attack could have significant operational consequences for mobile network operators deploying O-RAN based 5G networks.

For European organizations, particularly telecom operators and infrastructure providers deploying O-RAN based 5G networks, this vulnerability poses a risk of service disruption. A successful DoS attack against the ric-plt-submgr Subscription Manager API could degrade network performance, reduce availability of 5G services, and impact end-user experience. This could affect critical services relying on 5G connectivity, including IoT deployments, industrial automation, and emergency communications. Additionally, network operators may face increased operational costs due to incident response and potential SLA violations. The disruption of the Near Real-time RIC could also hinder dynamic network optimization capabilities, reducing the efficiency and adaptability of the RAN. While no known exploits exist yet, the public disclosure of this vulnerability could motivate threat actors to develop exploits targeting 5G infrastructure, which is strategically important in Europe’s digital economy and critical infrastructure landscape.

Given the absence of patches or official mitigations, European organizations should implement the following specific measures: 1) Monitor network traffic to the Subscription Manager API for anomalous or malformed requests that could indicate exploitation attempts. 2) Employ strict access controls and network segmentation to limit exposure of the ric-plt-submgr component to untrusted networks or users. 3) Implement rate limiting and input validation at the API gateway or firewall level to reduce the risk of crafted requests causing DoS. 4) Engage with O-RAN software vendors and open-source communities to track patch releases and apply updates promptly once available. 5) Conduct thorough testing in controlled environments to understand the vulnerability’s impact and develop incident response playbooks tailored to potential DoS scenarios. 6) Collaborate with national cybersecurity agencies and industry groups to share threat intelligence and mitigation strategies related to O-RAN vulnerabilities.