CVE-2025-8802 is a denial of service (DoS) vulnerability identified in Open5GS, an open-source implementation of the 5G core network. The vulnerability affects versions 2.7.0 through 2.7.5, specifically within the SMF (Session Management Function) component, in the function smf_state_operational located in the source file src/smf/smf-sm.c. The flaw arises from improper handling or manipulation of the argument 'stream' passed to this function, which can be exploited remotely without any authentication or user interaction. An attacker can send crafted network packets to the vulnerable SMF component, causing it to crash or become unresponsive, resulting in denial of service. This disrupts the session management capabilities of the 5G core network, potentially impacting subscriber connectivity and service availability. The vulnerability has a CVSS 4.0 base score of 6.9, categorized as medium severity, reflecting its network attack vector, low complexity, and no required privileges or user interaction. Although no known exploits have been observed in the wild, the exploit code has been publicly disclosed, increasing the risk of exploitation. The issue is addressed in Open5GS version 2.7.6, with a patch identified by commit f168f7586a4fa536cee95ae60ac437d997f15b97. Operators running affected versions are strongly advised to upgrade promptly to mitigate the risk of service disruption.

For European organizations, particularly telecom operators and infrastructure providers deploying Open5GS as part of their 5G core network, this vulnerability poses a significant risk to network availability and service continuity. A successful DoS attack against the SMF component can interrupt session management functions, leading to dropped connections, failed session establishments, and degraded user experience for mobile subscribers. This can affect critical communications, emergency services, and enterprise applications relying on 5G connectivity. Given the increasing adoption of Open5GS in private and public 5G networks across Europe, the impact extends beyond traditional telecom providers to industries such as manufacturing, transportation, and healthcare that depend on reliable 5G services. Additionally, disruption of 5G core functions could have cascading effects on other network functions and services, amplifying operational risks. The medium severity rating reflects that while the vulnerability does not directly compromise confidentiality or integrity, the availability impact on essential network services is non-trivial and could result in financial losses, reputational damage, and regulatory scrutiny under frameworks like GDPR and NIS Directive.

1. Immediate upgrade to Open5GS version 2.7.6 or later, which contains the patch addressing CVE-2025-8802. 2. Implement network-level filtering and anomaly detection to identify and block malformed or suspicious packets targeting the SMF component, reducing exposure to remote exploitation attempts. 3. Employ redundancy and failover mechanisms for the SMF and other critical 5G core network functions to maintain service continuity in case of DoS events. 4. Conduct regular security audits and vulnerability assessments of 5G core network components, including Open5GS deployments, to ensure timely identification and remediation of vulnerabilities. 5. Monitor public vulnerability databases and threat intelligence feeds for updates on exploit activity related to this CVE to adapt defenses accordingly. 6. Restrict access to management and signaling interfaces of the SMF to trusted networks and enforce strict access controls to minimize attack surface. 7. Collaborate with vendors and open-source communities to stay informed about patches and best practices for securing 5G core implementations.