CVE-2025-66786 identifies a logical error vulnerability in OpenAirInterface CN5G Access and Mobility Management Function (AMF) software versions up to 2.0.1. The AMF is a critical component of the 5G core network responsible for managing connection and mobility of user equipment. The vulnerability arises from improper handling of JSON-formatted requests sent to the AMF's Service-Based Interface (SBI). Specifically, an attacker can craft malicious JSON data that exploits this logical flaw to trigger a denial-of-service (DoS) condition, effectively disrupting the AMF's operation. This attack vector is notable because it does not require authentication, allowing any remote attacker with network access to the SBI interface to exploit it. The SBI interface typically uses HTTP/2 and RESTful APIs for communication between 5G core network functions, making it a critical attack surface. The vulnerability's exploitation leads to resource exhaustion or crashes in the AMF, causing service interruptions in the 5G network. No patches or fixes are currently linked, and no public exploits have been reported, but the vulnerability is published and reserved under CVE-2025-66786. The lack of a CVSS score necessitates an independent severity assessment based on impact and exploitability factors.

For European organizations, particularly telecom operators and 5G service providers, this vulnerability poses a significant risk to network availability and service continuity. Exploitation can lead to denial-of-service conditions in the AMF, disrupting user mobility management and potentially causing widespread 5G service outages. This can affect critical services relying on 5G connectivity, including emergency communications, IoT deployments, and industrial automation. The disruption could also result in financial losses, reputational damage, and regulatory scrutiny under EU cybersecurity and telecom regulations. Given the increasing reliance on 5G infrastructure across Europe, the impact extends beyond telecom operators to enterprises and consumers dependent on stable mobile connectivity. The vulnerability's remote exploitability without authentication increases the threat level, as attackers can launch attacks from outside the network perimeter if the SBI interface is exposed or insufficiently protected.

European organizations should immediately assess their deployment of OpenAirInterface CN5G AMF and identify instances running versions up to 2.0.1. Until patches are available, implement strict network segmentation to isolate the SBI interface from untrusted networks and restrict access to trusted management and core network segments only. Deploy Web Application Firewalls (WAFs) or API gateways capable of validating and sanitizing JSON payloads to detect and block malformed or suspicious requests targeting the SBI interface. Enable comprehensive logging and real-time monitoring of SBI traffic to identify anomalous patterns indicative of exploitation attempts. Collaborate with OpenAirInterface developers and vendors to obtain security updates and apply patches promptly once released. Additionally, conduct regular security audits and penetration testing focused on 5G core network components to uncover and remediate similar logical errors. Educate network operations teams on this vulnerability to enhance incident response readiness.