CVE-2025-8800 is a vulnerability identified in Open5GS, an open-source implementation of the 5G core network. The flaw exists in the esm_handle_pdn_connectivity_request function within the Access and Mobility Management Function (AMF) component, specifically in the source file src/mme/esm-handler.c. This vulnerability allows an unauthenticated remote attacker to manipulate the PDN connectivity request handling process, leading to a denial of service (DoS) condition. The DoS impact likely results from improper handling of malformed or maliciously crafted PDN connectivity requests, causing the AMF component to crash or become unresponsive, thereby disrupting the 5G core network services. The vulnerability affects Open5GS versions 2.7.0 through 2.7.5. The issue has been rated with a CVSS 4.0 base score of 6.9 (medium severity), reflecting its network attack vector, low attack complexity, no privileges or user interaction required, and limited impact on availability. The vulnerability does not impact confidentiality or integrity. The vendor has addressed this issue in version 2.7.6, and a patch identified by the commit hash 701505102f514cbde2856cd2ebc9bedb7efc820d is available. No known exploits are currently reported in the wild. Given the critical role of the AMF in managing mobility and session states in 5G networks, exploitation of this vulnerability could disrupt mobile network operations, affecting user connectivity and service availability.

For European organizations, particularly telecom operators and enterprises deploying private 5G networks using Open5GS, this vulnerability poses a risk of service disruption. A successful DoS attack could lead to temporary loss of connectivity for subscribers, impacting critical communications, IoT services, and enterprise applications reliant on 5G connectivity. This disruption could affect emergency services, industrial automation, and other latency-sensitive applications. While the vulnerability does not compromise data confidentiality or integrity, the availability impact could result in financial losses, reputational damage, and regulatory scrutiny under frameworks such as the NIS Directive. Organizations operating 5G infrastructure must consider the potential for targeted attacks aiming to degrade network performance or availability, especially in high-dependency environments.

European organizations should promptly upgrade Open5GS deployments to version 2.7.6 or later to remediate this vulnerability. In addition to patching, network operators should implement strict input validation and anomaly detection mechanisms at the network edge to identify and block malformed PDN connectivity requests. Deploying rate limiting and traffic filtering on interfaces exposed to untrusted networks can reduce the risk of exploitation. Continuous monitoring of AMF component logs and network telemetry for unusual patterns indicative of DoS attempts is recommended. Organizations should also conduct regular security assessments and penetration testing of their 5G core components to identify potential weaknesses. For private 5G deployments, isolating critical network functions and enforcing strong access controls can further mitigate risk. Finally, maintaining an incident response plan tailored to 5G network disruptions will help minimize operational impact in case of exploitation.