CVE-2025-8799: Denial of Service in Open5GS
A vulnerability was identified in Open5GS up to 2.7.5. It affects the functions amf_npcf_am_policy_control_build_create and amf_nsmf_pdusession_build_create_sm_context in the file src/amf/npcf-build.c of the AMF component. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 addresses this issue. The patch is named cf63dd63197bf61a4b041aa364ba6a6199ab15e4. It is recommended to upgrade the affected component.
AI Analysis
Technical Summary
CVE-2025-8799 is a denial of service (DoS) vulnerability identified in Open5GS, an open-source implementation of the 5G core network. The vulnerability affects versions 2.7.0 through 2.7.5 of Open5GS and resides in the AMF (Access and Mobility Management Function) component, specifically within the functions amf_npcf_am_policy_control_build_create and amf_nsmf_pdusession_build_create_sm_context located in the source file src/amf/npcf-build.c. These functions are responsible for building policy control and session management contexts. The vulnerability arises from improper handling or manipulation of inputs to these functions, which can be exploited remotely without authentication or user interaction to cause a denial of service condition. This could lead to the AMF component crashing or becoming unresponsive, thereby disrupting the 5G core network services dependent on Open5GS. The vulnerability has a CVSS 4.0 base score of 6.9, categorized as medium severity, reflecting its network attack vector, low attack complexity, and no privileges or user interaction required. The scope is limited to availability impact, with no confidentiality or integrity impact. A patch addressing this issue was released in Open5GS version 2.7.6, identified by commit cf63dd63197bf61a4b041aa364ba6a6199ab15e4. Organizations using affected versions are strongly advised to upgrade to this patched version to mitigate the risk. Although no known exploits are currently reported in the wild, the public disclosure of the vulnerability increases the risk of exploitation attempts.
Potential Impact
For European organizations, the impact of this vulnerability can be significant, particularly for telecom operators, infrastructure providers, and enterprises deploying private 5G networks using Open5GS. A successful DoS attack against the AMF component can disrupt critical 5G core network functions such as mobility management and session control, leading to service outages or degraded network performance. This can affect end-user connectivity, IoT device communication, and enterprise applications relying on 5G connectivity. Given the increasing adoption of 5G networks across Europe for smart cities, industrial automation, and critical infrastructure, such disruptions could have cascading effects on business operations and public services. Additionally, the remote and unauthenticated nature of the exploit increases the risk of widespread attacks, potentially impacting multiple operators or service providers simultaneously. While the vulnerability does not compromise data confidentiality or integrity, the availability impact alone can cause significant operational and reputational damage.
Mitigation Recommendations
European organizations should prioritize upgrading Open5GS deployments to version 2.7.6 or later, which contains the official patch for CVE-2025-8799. Network administrators should implement strict network segmentation and firewall rules to limit exposure of the AMF component to untrusted networks, reducing the attack surface. Monitoring and anomaly detection systems should be enhanced to identify unusual traffic patterns or repeated requests targeting the vulnerable functions, enabling early detection of exploitation attempts. Additionally, organizations should conduct regular vulnerability assessments and penetration testing focused on 5G core components to identify and remediate similar issues proactively. For private 5G deployments, consider deploying redundant AMF instances with failover capabilities to minimize service disruption in case of an attack. Finally, maintain close coordination with Open5GS community updates and security advisories to stay informed of any further developments or related vulnerabilities.
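The upgrade check recommended above can be scripted during triage. This is an added example, not code from the advisory or the Open5GS project: it classifies a version string against the 2.7.6 fix and tests whether a source checkout contains the patch commit. The function names, the result labels and the `git describe`-style suffix handling (for example `v2.7.5-12-gabc1234`) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Open5GS project code): triage a host for CVE-2025-8799.
FIX_COMMIT=cf63dd63197bf61a4b041aa364ba6a6199ab15e4   # patch named in the advisory

# classify_open5gs_version VERSION
# Prints one of: fixed | affected | verify-commit | unknown
#   fixed          release 2.7.6 or later
#   affected       release build at or below 2.7.5
#   verify-commit  development build based on an affected tag; the version
#                  alone cannot say whether the patch is present
classify_open5gs_version() {
    v=${1#v}                 # accept "v2.7.5" as well as "2.7.5"
    base=${v%%-*}            # "2.7.5-12-gabc1234" -> "2.7.5"
    suffix=${v#"$base"}      # "-12-gabc1234", or empty for a release build
    case $base in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    major=${base%%.*}; rest=${base#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    case "$major$minor$patch" in
        *[!0-9]*) echo unknown; return 0 ;;   # e.g. "2.7.5.1" or "2.7.x"
    esac
    # Compare (major, minor, patch) with the first fixed release, 2.7.6.
    if [ "$major" -gt 2 ] ||
       { [ "$major" -eq 2 ] && [ "$minor" -gt 7 ]; } ||
       { [ "$major" -eq 2 ] && [ "$minor" -eq 7 ] && [ "$patch" -ge 6 ]; }; then
        echo fixed
    elif [ -n "$suffix" ]; then
        echo verify-commit
    else
        echo affected
    fi
}

# has_fix_commit REPO_DIR
# Exit status 0 if the checkout's HEAD contains the patch commit, non-zero
# if it does not (or if the commit is unknown to that repository).
has_fix_commit() {
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD
}
```

Pass the version reported by the package manager or by the running AMF build to `classify_open5gs_version`; for a `verify-commit` result, run `has_fix_commit` against the source tree the binary was built from.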
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-09T05:43:59.897Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68984e9fad5a09ad00135897
Added to database: 8/10/2025, 7:47:43 AM
Last enriched: 8/18/2025, 12:41:41 AM
Last updated: 9/22/2025, 3:53:31 AM