CVE-2025-9405: Reachable Assertion in Open5GS
A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The patch is identified as 8e5fed16114f2f5e40bee1b161914b592b2b7b8f. Applying a patch is advised to resolve this issue.
AI Analysis
Technical Summary
CVE-2025-9405 is a security vulnerability identified in Open5GS, an open-source implementation of the 5G core network. The flaw exists in versions up to 2.7.5 within the function gmm_state_exception located in the src/amf/gmm-sm.c source file. This vulnerability manifests as a reachable assertion, which means that under certain conditions, the program encounters an assertion failure that can be triggered remotely without authentication or user interaction. The assertion failure could lead to a denial of service (DoS) by crashing the affected component, specifically the Access and Mobility Management Function (AMF) in the 5G core. The vulnerability has a CVSS 4.0 base score of 6.9, categorized as medium severity, reflecting its network attack vector, low attack complexity, and no required privileges or user interaction. Confidentiality and integrity are not affected; the impact is limited to the service disruption caused by the assertion failure. An exploit has been publicly released, increasing the risk of exploitation, although no confirmed widespread exploitation in the wild has been reported yet. A patch identified by commit 8e5fed16114f2f5e40bee1b161914b592b2b7b8f is available and should be applied promptly to remediate the issue. This vulnerability highlights the importance of securing 5G core network components, which are critical infrastructure elements in modern telecommunications.
Potential Impact
For European organizations, particularly telecom operators and service providers deploying Open5GS as part of their 5G core infrastructure, this vulnerability poses a risk of service disruption. Exploitation could cause the AMF component to crash, leading to denial of service for subscribers relying on affected network segments. This could impact network availability, degrade user experience, and potentially disrupt critical communications services. Given the increasing reliance on 5G networks for industrial, governmental, and consumer applications in Europe, such disruptions could have cascading effects on business operations and public safety communications. While the vulnerability does not directly compromise data confidentiality or integrity, the availability impact alone is significant for network operators. Additionally, the public availability of an exploit increases the urgency for European entities to address this vulnerability to prevent opportunistic attacks.
Mitigation Recommendations
European organizations should immediately assess their deployment of Open5GS versions 2.7.0 through 2.7.5 and prioritize patching to the fixed version incorporating commit 8e5fed16114f2f5e40bee1b161914b592b2b7b8f. Network operators should implement strict network segmentation and firewall rules to limit exposure of the AMF interfaces to untrusted networks, reducing the attack surface. Continuous monitoring of AMF logs and system health metrics can help detect abnormal crashes or assertion failures indicative of exploitation attempts. Employing redundancy and failover mechanisms in the 5G core can mitigate service disruption impact. Additionally, organizations should stay informed on threat intelligence updates regarding exploitation trends and consider deploying intrusion detection systems tuned for Open5GS-specific anomalies. Finally, conducting regular security audits and code reviews of open-source network components can help identify and remediate vulnerabilities proactively.
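One way to implement the AMF log monitoring recommended above, as an added example that is not code from Open5GS or from this advisory: a Python scan that separates assertion failures located in gmm_state_exception (src/amf/gmm-sm.c) from other assertion crashes. The log line shape, the sample lines, and the placeholder assertion expression and line number are assumptions constructed for illustration.

```python
import re

# Assumed line shape (not taken from the advisory):
#   <date> <time>: [<domain>] FATAL: <func>: Assertion `<expr>' failed. (<file>:<line>)
ASSERT_RE = re.compile(
    r"^(?P<ts>\S+ \S+): \[(?P<domain>\w+)\] FATAL: (?P<func>\w+): "
    r"Assertion `(?P<expr>[^']*)' failed\. \((?P<file>[^:)]+):(?P<line>\d+)\)"
)

# Location named in the advisory for CVE-2025-9405.
WATCH_FUNC = "gmm_state_exception"
WATCH_FILE = "src/amf/gmm-sm.c"

# Constructed sample log; expressions and line numbers are placeholders.
SAMPLE_LOG = """\
08/25 03:31:10.104: [amf] INFO: constructed sample line, normal operation
08/25 03:31:12.551: [gmm] FATAL: gmm_state_exception: Assertion `placeholder_expr' failed. (../src/amf/gmm-sm.c:0)
08/25 03:31:15.002: [app] INFO: constructed sample line, daemon restarted
08/25 03:31:40.377: [gmm] FATAL: gmm_state_exception: Assertion `placeholder_expr' failed. (../src/amf/gmm-sm.c:0)
08/25 03:32:05.900: [amf] FATAL: other_handler: Assertion `placeholder_expr' failed. (../src/amf/other.c:0)
"""


def find_assertions(text):
    """Return one dict per assertion-failure line found in the log text."""
    hits = []
    for raw in text.splitlines():
        m = ASSERT_RE.match(raw.strip())
        if m:
            hits.append(m.groupdict())
    return hits


def triage(hits, threshold=1):
    """Separate hits at the advisory's location from other assertion crashes."""
    at_cve = [h for h in hits
              if h["func"] == WATCH_FUNC and h["file"].endswith(WATCH_FILE)]
    return {
        "cve_2025_9405_hits": len(at_cve),
        "other_assertions": len(hits) - len(at_cve),
        "first_seen": at_cve[0]["ts"] if at_cve else None,
        "alert": len(at_cve) >= threshold,
    }


if __name__ == "__main__":
    print(triage(find_assertions(SAMPLE_LOG)))
```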
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-08-24T15:08:33.518Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 68abd958ad5a09ad0047beb4
Added to database: 8/25/2025, 3:32:40 AM
Last enriched: 8/25/2025, 3:47:49 AM
Last updated: 8/26/2025, 12:34:54 AM