CVE-2025-8802: Denial of Service in Open5GS
A vulnerability was found in Open5GS up to 2.7.5. It affects the function smf_state_operational in the file src/smf/smf-sm.c of the SMF component. Manipulating the argument stream leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version v2.7.6 addresses this issue. The patch is identified as commit f168f7586a4fa536cee95ae60ac437d997f15b97. It is recommended to upgrade the affected component.
AI Analysis
Technical Summary
CVE-2025-8802 is a medium severity vulnerability affecting Open5GS versions up to 2.7.5, specifically in the SMF (Session Management Function) component. The flaw resides in the function smf_state_operational within the source file src/smf/smf-sm.c. The vulnerability is triggered by manipulating the argument 'stream' passed to this function, which leads to a denial of service (DoS) condition. This means an attacker can remotely cause the SMF component to crash or become unresponsive, disrupting session management in the 5G core network. The vulnerability requires no authentication or user interaction and can be exploited over the network, making it relatively easy to trigger. The disclosed exploit allows attackers to interrupt service availability, potentially impacting network operators relying on Open5GS for 5G core network infrastructure. The issue is addressed in Open5GS version 2.7.6, with the patch identified by commit f168f7586a4fa536cee95ae60ac437d997f15b97. The CVSS v4.0 base score is 6.9, reflecting a medium severity rating due to the impact on availability and ease of exploitation without privileges or user interaction. The vulnerability does not affect confidentiality or integrity directly but can cause service outages that degrade network reliability.
Potential Impact
For European organizations, especially telecom operators and service providers deploying Open5GS as part of their 5G core network infrastructure, this vulnerability poses a risk of service disruption. A successful DoS attack against the SMF component can interrupt session management, leading to dropped connections, degraded user experience, and potential revenue loss. Critical infrastructure relying on 5G connectivity, such as emergency services, IoT deployments, and industrial automation, could be adversely affected by outages. Given the increasing adoption of Open5GS in private and public 5G networks across Europe, the vulnerability could impact network availability and trust in service continuity. Additionally, the remote and unauthenticated nature of the exploit increases the attack surface, allowing threat actors to target vulnerable networks without prior access. While no known exploits are currently reported in the wild, the public disclosure of the vulnerability and exploit details raises the risk of opportunistic attacks.
Mitigation Recommendations
European organizations should prioritize upgrading Open5GS deployments to version 2.7.6 or later, which contains the official patch for CVE-2025-8802. Network administrators should verify the version of Open5GS in use and apply the patch promptly to eliminate the vulnerability. In parallel, implementing network-level protections such as firewall rules to restrict access to the SMF component from untrusted networks can reduce exposure. Monitoring network traffic for unusual patterns targeting the SMF function may help detect exploitation attempts early. Organizations should also conduct regular security assessments and penetration testing focused on 5G core components to identify and remediate similar vulnerabilities proactively. Employing redundancy and failover mechanisms in the 5G core network can mitigate the impact of potential DoS attacks by maintaining service continuity. Finally, maintaining up-to-date threat intelligence feeds and subscribing to vulnerability advisories will ensure timely awareness of emerging threats and patches.
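One way to carry out the version check recommended above, as an added example that is not part of the original advisory or of the Open5GS project. The fixed release and commit hash are the ones the advisory states; the function names, the `verify-commit` category and the sample version strings are constructed for illustration, and the version string is assumed to be supplied by the operator from package or build metadata.

```shell
#!/bin/sh
# Added example: triage Open5GS builds against the CVE-2025-8802 fix (v2.7.6).
FIX_COMMIT="f168f7586a4fa536cee95ae60ac437d997f15b97"   # patch commit, per the advisory

# classify_open5gs_version VERSION
# Prints one of: patched | vulnerable | verify-commit | unknown
classify_open5gs_version() {
    v=${1#v}                      # accept "v2.7.5" as well as "2.7.5"
    core=${v%%[-+~]*}             # strip packaging or git-describe suffix
    suffix=${v#"$core"}
    case $core in
        *[!0-9.]*|""|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $core                  # split into major, minor, patch
    IFS=$old_ifs
    [ $# -eq 3 ] || { echo unknown; return 0; }
    maj=$1 min=$2 pat=$3
    if [ "$maj" -gt 2 ] || { [ "$maj" -eq 2 ] && [ "$min" -gt 7 ]; } ||
       { [ "$maj" -eq 2 ] && [ "$min" -eq 7 ] && [ "$pat" -ge 6 ]; }; then
        echo patched
    elif [ "$maj" -eq 2 ] && [ "$min" -eq 7 ] && [ "$pat" -eq 5 ] && [ -n "$suffix" ]; then
        echo verify-commit        # built past the 2.7.5 tag: fix may or may not be included
    else
        echo vulnerable
    fi
}

# source_tree_has_fix DIR
# For source builds: is the fix commit an ancestor of the checked-out HEAD?
# Prints one of: fix-present | fix-absent | unknown
source_tree_has_fix() {
    rc=0
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD 2>/dev/null || rc=$?
    case $rc in
        0) echo fix-present ;;
        1) echo fix-absent ;;
        *) echo unknown ;;        # not a repository, shallow clone, or git missing
    esac
}

# Constructed sample inputs, not taken from any real deployment.
for s in 2.6.4 v2.7.5 v2.7.5-14-g1a2b3c4 2.7.6 not-a-version; do
    printf '%-22s %s\n' "$s" "$(classify_open5gs_version "$s")"
done
```

A `verify-commit` result means the version string alone cannot settle the question; run `source_tree_has_fix` against the tree the binary was built from.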
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-09T07:21:02.082Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 689863b7ad5a09ad00176291
Added to database: 8/10/2025, 9:17:43 AM
Last enriched: 8/18/2025, 12:42:06 AM
Last updated: 9/22/2025, 6:07:55 AM