CVE-2025-8801 is a medium-severity vulnerability affecting Open5GS versions 2.7.0 through 2.7.5. Open5GS is an open-source implementation of the 5G core network, widely used for research, testing, and some production environments. The vulnerability resides in the AMF (Access and Mobility Management Function) component, specifically in the gmm_state_exception function within the src/amf/gmm-sm.c source file. This function handles state exceptions related to the GPRS Mobility Management (GMM) protocol. The flaw allows an unauthenticated remote attacker to trigger a denial of service (DoS) condition by manipulating the state machine, causing the AMF component to crash or become unresponsive. The CVSS 4.0 score is 6.9 (medium), reflecting that the attack vector is network-based (AV:N), requires no privileges (PR:N), no user interaction (UI:N), and no authentication (AT:N). The vulnerability does not impact confidentiality, integrity, or availability beyond causing a DoS (VA:L). The vulnerability is exploitable remotely without authentication, making it a significant risk for affected deployments. The issue has been publicly disclosed, and a patch is available in Open5GS version 2.7.6, identified by commit f47f2bd4f7274295c5fbb19e2f806753d183d09a. Organizations using Open5GS in their 5G core infrastructure should prioritize upgrading to the fixed version to mitigate potential service disruptions. No known exploits in the wild have been reported yet, but public disclosure increases the risk of exploitation attempts.

For European organizations, the impact of this vulnerability can be substantial, particularly for telecom operators, network equipment providers, and enterprises deploying private 5G networks using Open5GS. A successful DoS attack against the AMF component can disrupt 5G core network services, leading to loss of connectivity for subscribers, degraded network performance, and potential cascading failures in dependent network functions. This disruption can affect critical communications, IoT services, and enterprise applications relying on 5G connectivity. Given the increasing adoption of 5G networks across Europe for smart cities, industrial automation, and public safety, any interruption in core network functions can have operational and reputational consequences. Additionally, the vulnerability's remote and unauthenticated exploitability means attackers do not need insider access, increasing the threat surface. While no direct data breach or integrity compromise is indicated, the availability impact alone can cause significant business and service continuity issues.

To mitigate this vulnerability, European organizations should: 1) Immediately upgrade Open5GS deployments to version 2.7.6 or later, which contains the patch addressing CVE-2025-8801. 2) Implement network-level protections such as firewall rules and intrusion detection/prevention systems (IDS/IPS) to monitor and block anomalous traffic targeting the AMF component, especially from untrusted sources. 3) Segment the 5G core network infrastructure to limit exposure of the AMF to external networks, restricting access to trusted management and signaling entities only. 4) Employ continuous monitoring and logging of AMF service health and network traffic to detect early signs of exploitation attempts or service degradation. 5) Conduct regular vulnerability assessments and penetration testing focused on 5G core components to identify and remediate similar issues proactively. 6) Collaborate with vendors and the open-source community to stay informed about emerging threats and patches related to Open5GS and 5G core security.