{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1925", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-04T08:48:23.967Z", "datePublished": "2025-03-04T13:09:24.363Z", "dateUpdated": "2025-03-04T14:18:52.896Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-04T13:09:24.363Z"}, "title": "Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "Open5GS", "versions": [{"version": "2.7.0", "status": "affected"}, {"version": "2.7.1", "status": "affected"}, {"version": "2.7.2", "status": "affected"}], "modules": ["AMF"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsmf_pdusession_handle_update_sm_context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. This vulnerability allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "In Open5GS bis 2.7.2 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion amf_nsmf_pdusession_handle_update_sm_context der Datei src/amf/nsmf-handler.c der Komponente AMF. Mittels Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "timeline": [{"time": "2025-03-04T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-04T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-04T14:14:07.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Wei Guo", "type": "finder"}, {"lang": "en", "value": "Yuanhao Li", "type": "finder"}, {"lang": "en", "value": "Hao Zheng", "type": "finder"}, {"lang": "en", "value": "Qiang Fu", "type": "finder"}, {"lang": "en", "value": "Jiajia Liu", "type": "finder"}, {"lang": "en", "value": "EnginerStaticPower (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "EnginerStaticPower (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.298513", "name": "VDB-298513 | Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service", "tags": ["vdb-entry", "technical-description", "exploit"]}, {"url": "https://vuldb.com/?ctiid.298513", "name": "VDB-298513 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.506038", "name": "Submit #506038 | Open5GS <=v2.7.2 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/guoweifk/BugReport/blob/main/Open5GS%20AMF%20Denial%20of%20Service%20via%20PDU%20Session%20ID%20Conflict", "tags": ["exploit"]}, {"url": "https://github.com/open5gs/open5gs/pull/3711", "tags": ["issue-tracking"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-04T14:18:42.825185Z", "id": "CVE-2025-1925", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T14:18:52.896Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1925", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-04T14:18:42.825185Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-04T14:18:47.757Z"}}], "cna": {"title": "Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service", "credits": [{"lang": "en", "type": "finder", "value": "Wei Guo"}, {"lang": "en", "type": "finder", "value": "Yuanhao Li"}, {"lang": "en", "type": "finder", "value": "Hao Zheng"}, {"lang": "en", "type": "finder", "value": "Qiang Fu"}, {"lang": "en", "type": "finder", "value": "Jiajia Liu"}, {"lang": "en", "type": "reporter", "value": "EnginerStaticPower (VulDB User)"}, {"lang": "en", "type": "analyst", "value": "EnginerStaticPower (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "affected": [{"vendor": "n/a", "modules": ["AMF"], "product": "Open5GS", "versions": [{"status": "affected", "version": "2.7.0"}, {"status": "affected", "version": "2.7.1"}, {"status": "affected", "version": "2.7.2"}]}], "timeline": [{"lang": "en", "time": "2025-03-04T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-03-04T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-03-04T14:14:07.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.298513", "name": "VDB-298513 | Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service", "tags": ["vdb-entry", "technical-description", "exploit"]}, {"url": "https://vuldb.com/?ctiid.298513", "name": "VDB-298513 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.506038", "name": "Submit #506038 | Open5GS <=v2.7.2 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/guoweifk/BugReport/blob/main/Open5GS%20AMF%20Denial%20of%20Service%20via%20PDU%20Session%20ID%20Conflict", "tags": ["exploit"]}, {"url": "https://github.com/open5gs/open5gs/pull/3711", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsmf_pdusession_handle_update_sm_context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. This vulnerability allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "In Open5GS bis 2.7.2 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion amf_nsmf_pdusession_handle_update_sm_context der Datei src/amf/nsmf-handler.c der Komponente AMF. Mittels Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-04T13:09:24.363Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1925", "state": "PUBLISHED", "dateUpdated": "2025-03-04T14:18:52.896Z", "dateReserved": "2025-03-04T08:48:23.967Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-03-04T13:09:24.363Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8160C0A-E77F-487D-B5E0-C6657E80D327", "versionEndIncluding": "2.7.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsmf_pdusession_handle_update_sm_context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. This vulnerability allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Open5GS hasta la versi\u00f3n 2.7.2. Esta vulnerabilidad afecta a la funci\u00f3n amf_nsmf_pdusession_handle_update_sm_context del archivo src/amf/nsmf-handler.c del componente AMF. La manipulaci\u00f3n provoca una denegaci\u00f3n de servicio. El ataque puede iniciarse de forma remota. Esta vulnerabilidad permite que un \u00fanico UE bloquee el AMF, lo que provoca la p\u00e9rdida total de los servicios de movilidad y gesti\u00f3n de sesiones y provoca una interrupci\u00f3n en toda la red. Todos los UE registrados perder\u00e1n la conectividad y se bloquear\u00e1n los nuevos registros hasta que se reinicie el AMF, lo que provocar\u00e1 un alto impacto en la disponibilidad. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Se recomienda aplicar un parche para solucionar este problema."}], "id": "CVE-2025-1925", "lastModified": "2025-06-23T15:10:37.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-03-04T14:15:36.717", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/guoweifk/BugReport/blob/main/Open5GS%20AMF%20Denial%20of%20Service%20via%20PDU%20Session%20ID%20Conflict"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://github.com/open5gs/open5gs/pull/3711"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.298513"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.298513"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.506038"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{}