CVE-2025-5935: Denial of Service in Open5GS
A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue.
AI Analysis
Technical Summary
CVE-2025-5935 is a medium-severity vulnerability affecting Open5GS versions 2.7.0 through 2.7.3, specifically within the function common_register_state located in the src/mme/emm-sm.c file of the AMF/MME component. Open5GS is an open-source implementation of 5G core network elements, widely used for mobile network infrastructure. The vulnerability arises from improper handling of the ran_ue_id argument, which can be manipulated by an attacker to cause a denial of service (DoS) condition. This manipulation leads to the disruption of the affected component, potentially causing service outages in the 5G core network's Access and Mobility Management Function (AMF) or Mobility Management Entity (MME). The attack vector is remote and requires no authentication or user interaction, making exploitation relatively straightforward. The vulnerability has been publicly disclosed, and a patch identified by commit 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5 is available to remediate the issue. The CVSS v4.0 base score is 6.9, reflecting a medium severity level, with the attack complexity low, no privileges required, and no user interaction needed. While no known exploits are currently observed in the wild, the public disclosure increases the risk of exploitation attempts.
Potential Impact
For European organizations, especially telecommunications providers and infrastructure operators deploying Open5GS as part of their 5G core network, this vulnerability poses a risk of service disruption. A successful DoS attack could degrade or completely interrupt mobile network services, affecting voice, data, and signaling traffic. This could impact critical communications, emergency services, and enterprise connectivity relying on 5G networks. The disruption could also lead to reputational damage and regulatory scrutiny under frameworks such as the EU NIS Directive and GDPR if service availability is compromised. Given the remote and unauthenticated nature of the exploit, attackers could launch attacks from outside the network perimeter, increasing the threat surface. The medium severity score reflects that while confidentiality and integrity are not directly impacted, availability is significantly affected, which is critical for telecom operators.
Mitigation Recommendations
European organizations should prioritize applying the official patch identified by commit 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5 to all affected Open5GS instances immediately. Beyond patching, network operators should implement strict network segmentation and filtering to limit exposure of the AMF/MME interfaces to untrusted networks. Deploying anomaly detection systems to monitor for unusual signaling traffic or malformed ran_ue_id values can help detect exploitation attempts early. Rate limiting and connection throttling on signaling interfaces may reduce the impact of DoS attempts. Operators should also review their incident response plans to address potential 5G core network outages and coordinate with upstream providers and regulators. Regular vulnerability scanning and security audits of Open5GS deployments will help ensure no unpatched instances remain. Finally, maintaining up-to-date threat intelligence feeds can provide early warnings of emerging exploits targeting this vulnerability.
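To support the audit step above, the following added example (not part of the original advisory and not Open5GS project code) checks whether a source checkout already contains the fix commit, with a release-number fallback. The function names `patch_status` and `version_affected` are hypothetical, and the script assumes the deployment was built from a git checkout or reports a plain x.y.z version.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Open5GS tooling.
# Fix commit exactly as given in the advisory:
FIX_COMMIT=62cb99755243c9c38e4c060c5d8d0e158fe8cdd5

# patch_status REPO_DIR [COMMIT]
# Prints one of:
#   patched   - COMMIT is HEAD or an ancestor of HEAD
#   unpatched - COMMIT exists in the repo but is not in HEAD's history
#   unknown   - not a git repo, or the commit object is absent
#               (shallow clone, tarball build); use version_affected
patch_status() {
    repo=$1
    commit=${2:-$FIX_COMMIT}
    if ! git -C "$repo" rev-parse --git-dir >/dev/null 2>&1; then
        echo unknown
        return 0
    fi
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo unknown
        return 0
    fi
    if git -C "$repo" merge-base --is-ancestor "$commit" HEAD 2>/dev/null; then
        echo patched
    else
        echo unpatched
    fi
}

# version_affected VERSION
# Returns 0 when VERSION is 2.7.3 or lower ("up to 2.7.3" in the advisory),
# 1 otherwise. A leading "v" and any "-suffix" are stripped first.
version_affected() {
    v=${1#v}
    v=${v%%-*}
    highest=$(printf '%s\n%s\n' "$v" "2.7.3" |
        sort -t. -k1,1n -k2,2n -k3,3n | tail -n1)
    [ "$highest" = "2.7.3" ]
}

# Example run against an assumed checkout path passed as $1:
if [ -n "${1:-}" ]; then
    echo "fix commit status: $(patch_status "$1")"
fi
```

A fix that was cherry-picked or backported under a different hash will not be reported as patched, so confirm those builds against the packager's changelog.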
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-06-09T15:33:47.465Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68487f561b0bd07c3938a408
Added to database: 6/10/2025, 6:54:14 PM
Last enriched: 7/11/2025, 12:48:57 AM
Last updated: 8/2/2025, 12:29:47 PM