CVE-2025-8698
BaseFortify
Publication date: 2025-08-07
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | to 2.7.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in Open5GS up to version 2.7.5, specifically in the function amf_nsmf_pdusession_handle_release_sm_context within the AMF Service component. It allows local attackers to manipulate the function leading to a reachable assertion, which can cause unexpected behavior or crashes. The vulnerability requires local access to exploit and has been publicly disclosed. A patch is available to fix this issue.
How can this vulnerability impact me? :
The vulnerability can impact you by allowing a local attacker to cause a reachable assertion in the affected function, potentially leading to denial of service or instability in the Open5GS AMF Service. Since it requires local access, remote exploitation is not possible, but it could still disrupt service or system reliability.
What immediate steps should I take to mitigate this vulnerability?
Apply the patch identified by commit 66bc558e417e70ae216ec155e4e81c14ae0ecf30 to fix the vulnerability in Open5GS up to version 2.7.5.