CVE-2025-8803: Denial of Service in Open5GS
A vulnerability, which was classified as problematic, was found in Open5GS up to 2.7.5. Affected is the function gmm_state_de_registered/gmm_state_exception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 2.7.6 addresses this issue. The name of the patch is 1f30edac27f69f61cff50162e980fe58fdeb30ca. It is recommended to upgrade the affected component.
AI Analysis
Technical Summary
CVE-2025-8803 is a medium severity vulnerability affecting Open5GS versions 2.7.0 through 2.7.5. Open5GS is an open-source implementation of the 5G core network, widely used for research, testing, and in some production environments. The vulnerability resides in the AMF (Access and Mobility Management Function) component, specifically within the gmm_state_de_registered and gmm_state_exception functions in the src/amf/gmm-sm.c source file. These functions handle state transitions related to the GPRS Mobility Management (GMM) protocol, which is critical for managing user equipment registration and mobility in the 5G core network. The flaw allows an unauthenticated remote attacker to manipulate these state functions, leading to a denial of service (DoS) condition. This DoS could disrupt the AMF’s ability to manage user registrations and mobility, potentially causing service interruptions or degraded network performance. The vulnerability does not require any authentication or user interaction, and the attack vector is network-based, making exploitation feasible remotely. The CVSS 4.0 base score is 6.9, reflecting a medium severity level with network attack vector, low attack complexity, no privileges required, and no user interaction needed. The impact is limited to the denial of service; confidentiality and integrity are not affected, and there are no known exploits in the wild at the time of publication. The issue is addressed in Open5GS version 2.7.6, with a patch identified by commit 1f30edac27f69f61cff50162e980fe58fdeb30ca. Upgrading to this version or later is recommended to mitigate the risk.
Potential Impact
For European organizations, especially telecom operators, mobile network infrastructure providers, and enterprises deploying private 5G networks, this vulnerability poses a risk of service disruption. The AMF is a critical 5G core network function responsible for managing user equipment registration and mobility; a DoS attack on this component can result in dropped connections, failed registrations, and degraded network availability. This could impact end-user experience, disrupt business operations relying on 5G connectivity, and potentially affect emergency communications. Given the increasing adoption of 5G networks across Europe for industrial automation, smart cities, and critical infrastructure, any disruption in core network functions can have cascading effects. While no known exploits exist currently, the ease of remote exploitation without authentication increases the risk of opportunistic attacks or targeted disruptions. Organizations operating or testing Open5GS in production or lab environments should consider the threat seriously to avoid unintended service outages or reputational damage.
Mitigation Recommendations
The primary mitigation is to upgrade Open5GS to version 2.7.6 or later, which contains the patch addressing this vulnerability. Organizations should validate their current Open5GS deployments and plan timely updates. In addition to patching, network segmentation and strict access controls should be enforced to limit exposure of the AMF component to untrusted networks. Deploying intrusion detection and prevention systems (IDS/IPS) with signatures tuned to detect anomalous traffic targeting GMM state functions can help identify and block exploitation attempts. Monitoring AMF logs for unusual state transitions or error patterns can provide early warning signs of attempted exploitation. For organizations using Open5GS in testing or development environments, isolating these from production networks reduces risk. Finally, maintaining an up-to-date inventory of 5G core network components and applying security best practices for 5G deployments, including secure configuration and regular vulnerability assessments, will further reduce exposure.
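To validate deployments against the fixed release, the sketch below triages an inventory of AMF version strings. It is an added example, not code from this advisory or from the Open5GS project; the hostnames and version strings are constructed, and the accepted version formats (a `v` prefix, a git-describe suffix, a package suffix) are assumptions about how an inventory might record versions.

```python
import re

FIXED = (2, 7, 6)  # first fixed release named in the advisory
PATCH_COMMIT = "1f30edac27f69f61cff50162e980fe58fdeb30ca"  # patch named in the advisory

# Assumed inventory formats: "2.7.5", "v2.7.5", "v2.7.5-12-gabc1234"
# (git describe) and "2.7.2~jammy" (package suffix).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(.*)$")
_GIT_DESCRIBE_RE = re.compile(r"-\d+-g[0-9a-f]+")


def parse_version(text):
    """Return ((major, minor, patch), suffix), or None if the string is unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        return None
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)


def classify(version_text):
    """Classify one deployed version against the 2.7.6 fix for CVE-2025-8803."""
    parsed = parse_version(version_text)
    if parsed is None:
        return "unknown"  # branch name, empty field, etc.: needs a manual check
    core, suffix = parsed
    if core >= FIXED:
        return "fixed"
    # Conservative reading of "up to 2.7.5": every release below 2.7.6 is affected.
    # A source build made some commits after an older tag may already include
    # PATCH_COMMIT, so it is flagged for a commit-level check instead.
    if _GIT_DESCRIBE_RE.match(suffix):
        return "verify-commit"
    return "affected"


def needs_action(inventory):
    """Return sorted (host, status) pairs for every host not confirmed fixed."""
    return sorted((h, classify(v)) for h, v in inventory.items()
                  if classify(v) != "fixed")


# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = {
    "amf-lab-01": "v2.7.5",
    "amf-lab-02": "2.7.6",
    "amf-prod-01": "2.7.2~jammy",
    "amf-dev-01": "v2.7.5-12-gabc1234",
    "amf-dev-02": "main",
    "amf-dev-03": "v2.7.6-3-g0123abc",
}

if __name__ == "__main__":
    for host, status in needs_action(INVENTORY):
        print(f"{host}: {status}")
```

Hosts reported as `verify-commit` or `unknown` need their source tree checked for the patch commit before they can be treated as fixed.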
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-09T07:37:31.742Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68986ac2ad5a09ad00177d49
Added to database: 8/10/2025, 9:47:46 AM
Last enriched: 8/10/2025, 10:02:49 AM
Last updated: 8/11/2025, 12:33:50 AM