CVE-2025-8805: Denial of Service in Open5GS
A vulnerability was found in Open5GS up to 2.7.5 and classified as problematic. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 addresses this issue. The patch is identified as c58b8f081986aaf2a312d73a0a17985518b47fe6. It is recommended to upgrade the affected component.
AI Analysis
Technical Summary
CVE-2025-8805 is a denial of service (DoS) vulnerability identified in Open5GS, an open-source implementation of the 5G core network. The vulnerability affects versions 2.7.0 through 2.7.5 of Open5GS, specifically within the SMF (Session Management Function) component. The flaw resides in the function smf_gsm_state_wait_pfcp_deletion located in the source file src/smf/gsm-sm.c. The vulnerability allows an unauthenticated remote attacker to manipulate the state handling logic of the SMF, causing the system to enter a denial of service condition. This could disrupt the normal operation of the 5G core network by preventing proper session management and resource cleanup, potentially leading to service outages or degraded network performance. The vulnerability does not require any privileges or user interaction to exploit, and the attack vector is network-based, making it accessible remotely. The CVSS v4.0 base score is 6.9, indicating a medium severity level. The vendor has addressed the issue in Open5GS version 2.7.6, and the patch is identified by commit c58b8f081986aaf2a312d73a0a17985518b47fe6. No known exploits are currently observed in the wild, but the public disclosure of the vulnerability increases the risk of exploitation attempts. Given Open5GS's role in 5G core networks, this vulnerability could impact the availability of critical telecommunications infrastructure if left unpatched.
Potential Impact
For European organizations, especially telecom operators and service providers deploying Open5GS as part of their 5G core infrastructure, this vulnerability poses a risk to network availability and service continuity. A successful DoS attack could disrupt subscriber session management, leading to dropped connections, inability to establish new sessions, or degraded network performance. This can affect end-user experience and potentially impact critical services relying on 5G connectivity, including IoT deployments, emergency services, and enterprise communications. The disruption could also have regulatory and reputational consequences for operators under stringent European data and service availability regulations. Furthermore, as 5G networks are foundational to digital transformation and smart city initiatives across Europe, any instability could have cascading effects on dependent sectors. Although no active exploits are currently reported, the public disclosure and medium severity rating necessitate prompt remediation to mitigate potential service interruptions.
Mitigation Recommendations
European organizations using Open5GS should prioritize upgrading affected instances to version 2.7.6 or later, which contains the official patch addressing this vulnerability. Network administrators should verify the version of Open5GS deployed and schedule immediate updates to minimize exposure. Additionally, implementing network-level protections such as rate limiting and anomaly detection on PFCP (Packet Forwarding Control Protocol) traffic can help detect and mitigate abnormal state manipulation attempts. Monitoring SMF logs for unusual state transitions or error conditions related to pfcp deletion can provide early warning signs of exploitation attempts. Segmentation of the 5G core network and restricting access to management interfaces can reduce the attack surface. Finally, maintaining an incident response plan tailored to 5G core network disruptions will enable rapid recovery in case of an attack.
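One way to carry out the version verification step above across an inventory, written as an added example that is not part of the advisory or of Open5GS. The host names and version strings are constructed, and the code assumes source builds report a git-describe style string and that the fix commit landed after the 2.7.5 tag.

```python
import re

LAST_AFFECTED = (2, 7, 5)   # "up to 2.7.5", per the advisory
FIXED = (2, 7, 6)           # first fixed release, per the advisory
FIX_COMMIT = "c58b8f081986aaf2a312d73a0a17985518b47fe6"  # patch id from the advisory

# Accepts "2.7.5", "v2.7.5" and git-describe output such as "v2.7.5-14-g0123abc"
# (tag, commits since tag, abbreviated commit hash).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-(\d+)-g([0-9a-f]{7,40}))?$")


def classify(version: str) -> str:
    """Return 'fixed', 'affected', 'check-commit' or 'unparsed' for one version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"          # do not guess: flag for manual review
    base = tuple(int(x) for x in m.group(1, 2, 3))
    commits_past_tag = int(m.group(4) or 0)
    if base >= FIXED:
        return "fixed"
    # A source build made after the last affected tag may or may not contain
    # the fix, so the version number alone cannot decide it.
    if base == LAST_AFFECTED and commits_past_tag > 0:
        return "check-commit"
    return "affected"


def triage(inventory: dict) -> dict:
    """Map each host in {host: version} to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = {
    "smf-a": "v2.7.6",
    "smf-b": "2.7.5",
    "smf-c": "v2.7.5-14-g0123abc",
    "smf-d": "v2.7.2-3-gdeadbee",
    "smf-e": "nightly",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

For a host reported as check-commit, running `git merge-base --is-ancestor` with the fix commit and the built revision in the source checkout shows whether the patch is included.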
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-09T07:43:25.628Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 689878dcad5a09ad0017b498
Added to database: 8/10/2025, 10:47:56 AM
Last enriched: 8/10/2025, 11:02:45 AM
Last updated: 8/11/2025, 12:33:50 AM