CVE-2025-8803 is a medium-severity vulnerability affecting Open5GS versions 2.7.0 through 2.7.5. Open5GS is an open-source implementation of the 5G core network, widely used for mobile network infrastructure. The vulnerability resides in the AMF (Access and Mobility Management Function) component, specifically within the gmm_state_de_registered and gmm_state_exception functions in the source file src/amf/gmm-sm.c. An attacker can remotely manipulate these functions to trigger a denial of service (DoS) condition, causing the affected AMF component to crash or become unresponsive. This disruption can interrupt the management of user equipment states and mobility, potentially leading to service outages for subscribers relying on the affected 5G core network. The vulnerability requires no authentication or user interaction and can be exploited remotely over the network, increasing its risk profile. The issue is addressed in Open5GS version 2.7.6, with a patch identified by commit 1f30edac27f69f61cff50162e980fe58fdeb30ca. No known exploits are currently reported in the wild, but the ease of remote exploitation and the critical role of the AMF in 5G networks make timely patching essential.

For European organizations, particularly mobile network operators and infrastructure providers deploying Open5GS, this vulnerability poses a significant risk to network availability and service continuity. A successful DoS attack on the AMF could disrupt subscriber authentication, mobility management, and session handling, leading to widespread service degradation or outages. This can affect not only consumer mobile services but also critical sectors relying on 5G connectivity such as healthcare, transportation, and emergency services. The impact extends to enterprises using private 5G networks based on Open5GS, potentially interrupting industrial operations and IoT deployments. Given the increasing adoption of 5G technology across Europe, the vulnerability could have cascading effects on digital services and economic activities dependent on reliable mobile connectivity.

European organizations should prioritize upgrading Open5GS deployments to version 2.7.6 or later to remediate this vulnerability. Network operators should implement rigorous patch management processes to ensure timely application of security updates. Additionally, deploying network-level protections such as intrusion detection and prevention systems (IDS/IPS) can help identify and block anomalous traffic patterns targeting the AMF functions. Network segmentation and strict access controls should be enforced to limit exposure of the 5G core components to untrusted networks. Continuous monitoring of AMF logs and performance metrics can aid in early detection of potential exploitation attempts. For organizations running private 5G networks, isolating critical network functions and employing redundancy can reduce the impact of potential DoS attacks. Finally, collaboration with vendors and participation in threat intelligence sharing within the European telecom sector can enhance preparedness against emerging threats.