CVE-2025-8801 is a denial of service (DoS) vulnerability identified in Open5GS, an open-source implementation of the 5G core network. The vulnerability affects versions 2.7.0 through 2.7.5, specifically within the Access and Mobility Management Function (AMF) component, in the function gmm_state_exception located in src/amf/gmm-sm.c. The flaw allows an unauthenticated remote attacker to trigger a denial of service condition by manipulating the state handling logic of the AMF, causing the affected service to crash or become unresponsive. This vulnerability does not require any user interaction or privileges, and can be exploited remotely over the network. The issue has been publicly disclosed, and a patch has been released in Open5GS version 2.7.6, identified by commit f47f2bd4f7274295c5fbb19e2f806753d183d09a. The CVSS v4.0 base score is 6.9 (medium severity), reflecting the network attack vector, low complexity, no privileges or user interaction required, and limited impact to availability only. No known exploits are currently observed in the wild, but the public disclosure increases the risk of exploitation attempts. Given Open5GS’s role as a 5G core network implementation, this vulnerability could disrupt mobile network services relying on affected versions, impacting service availability and potentially causing outages in 5G infrastructure deployments that use this software.

For European organizations, the impact of CVE-2025-8801 could be significant, particularly for telecom operators, mobile virtual network operators (MVNOs), and enterprises deploying private 5G networks using Open5GS. A successful DoS attack against the AMF component can disrupt subscriber mobility management, leading to dropped connections, failed handovers, and overall degradation or outage of 5G services. This can affect critical communications, IoT deployments, and enterprise applications relying on 5G connectivity. The disruption could also impact emergency services and public safety communications if they depend on affected networks. Additionally, service outages can lead to financial losses, reputational damage, and regulatory scrutiny under European data protection and telecom regulations. While the vulnerability does not directly compromise confidentiality or integrity, the availability impact alone is critical for network operators and their customers.

European organizations should immediately upgrade Open5GS deployments to version 2.7.6 or later, which contains the patch addressing this vulnerability. Network administrators should audit their 5G core network components to identify any use of vulnerable Open5GS versions. In addition to patching, organizations should implement network-level protections such as rate limiting and anomaly detection on AMF interfaces to detect and block suspicious traffic patterns that could trigger the DoS. Deploying intrusion detection/prevention systems (IDS/IPS) with signatures tuned for this vulnerability can help mitigate exploitation attempts. Segmentation of the 5G core network and strict access controls can reduce exposure to untrusted networks. Regular monitoring of system logs and performance metrics can provide early warning of attempted exploitation or service degradation. Finally, organizations should maintain an incident response plan tailored to 5G network disruptions to minimize downtime and coordinate rapid recovery.