CVE-2025-8799
BaseFortify
Publication date: 2025-08-10
Last updated on: 2025-08-15
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | to 2.7.6 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8799 is a denial-of-service vulnerability in Open5GS versions up to 2.7.5 affecting the Access and Mobility Management Function (AMF). It occurs when the AMF receives delayed Service-Based Interface (SBI) client responses after the Radio Access Network User Equipment (RAN UE) context has already been removed. This causes an assertion failure due to missing validation of the UE context state, leading to a fatal crash of the AMF process. The issue arises from improper asynchronous state handling and resource management, making the AMF vulnerable to remote attacks without authentication. The vulnerability can be triggered by repeatedly attaching and detaching User Equipment (UE) or simulating gNodeB removals under constrained or unstable network conditions. [1, 2, 3, 4]
How can this vulnerability impact me?
This vulnerability can cause the AMF component of Open5GS to crash remotely without authentication, resulting in a denial of service. The crash disrupts availability of the 5G core network functions, including essential services like mobility management and authentication. An attacker can exploit this by repeatedly triggering UE registrations and deregistrations or simulating network instability, causing persistent outages that prevent legitimate users from accessing the network. While confidentiality and integrity are not affected, the impact on availability can lead to significant service disruption. [1, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or fatal aborts in the Open5GS AMF process, specifically related to assertion failures in the functions amf_npcf_am_policy_control_build_create and amf_nsmf_pdusession_build_create_sm_context. Logs showing assertion failures involving ran_ue_find_by_id returning NULL after UE context removal indicate the presence of this issue. Detection can also involve observing repeated UE registrations and deregistrations combined with gNodeB removals that lead to AMF crashes within minutes. While no specific commands are provided, monitoring Open5GS AMF logs for assertion failures and process crashes is recommended. [1, 3, 4]
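One way to do the log monitoring described above, as an added example that is not part of the original page or of Open5GS: a Python scan that flags assertion failures in the two named AMF functions. The log line layout, the timestamp prefix and the sample lines are constructed assumptions; adjust the patterns to the log format your deployment actually produces.

```python
import re
from collections import Counter

# Function names taken from the advisory text above.
CRASH_SITES = (
    "amf_npcf_am_policy_control_build_create",
    "amf_nsmf_pdusession_build_create_sm_context",
)
ASSERT_RE = re.compile(r"assert", re.IGNORECASE)
# Assumed "MM/DD HH:MM:SS" prefix; lines without it still match, with ts=None.
TS_RE = re.compile(r"^(\d{2}/\d{2} \d{2}:\d{2}:\d{2})")

# Constructed sample log, not captured from a real system.
SAMPLE_LOG = """\
08/12 10:14:02.118: [amf] INFO: UE context released
08/12 10:14:02.431: [amf] FATAL: amf_npcf_am_policy_control_build_create: Assertion `ran_ue' failed.
08/12 10:19:40.007: [amf] DEBUG: amf_nsmf_pdusession_build_create_sm_context called
08/12 10:19:40.912: [amf] FATAL: amf_nsmf_pdusession_build_create_sm_context: Assertion `ran_ue' failed.
08/12 10:21:11.500: [amf] FATAL: some_other_function: Assertion `x' failed.
systemd[1]: open5gs-amfd.service: Main process exited, code=killed, status=6/ABRT
"""

def scan(lines):
    """Return one finding per line that shows an assertion failure in a named crash site."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        if not ASSERT_RE.search(line):
            continue  # the function name alone (e.g. a debug trace) is not a crash
        site = next((s for s in CRASH_SITES if s in line), None)
        if site is None:
            continue  # an assertion elsewhere is not this issue
        ts = TS_RE.match(line)
        findings.append({
            "lineno": lineno,
            "site": site,
            "ts": ts.group(1) if ts else None,
            "ran_ue": "ran_ue" in line,  # assertion mentions the RAN UE context
        })
    return findings

def summarize(findings):
    """Count findings per crash site, for alerting on repeated AMF aborts."""
    return Counter(f["site"] for f in findings)

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG.splitlines())
    for f in hits:
        print(f"line {f['lineno']} {f['ts']} {f['site']} ran_ue={f['ran_ue']}")
    print(dict(summarize(hits)))
```
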
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Open5GS to version 2.7.6, which includes a patch that removes the problematic assertions causing the AMF crashes and safely handles late SBI client events. This upgrade prevents fatal aborts by ignoring late responses referencing already removed RAN UE contexts. Until the upgrade can be applied, monitoring and limiting frequent UE attach/detach cycles and gNodeB removals may reduce the risk of triggering the vulnerability. [1, 2, 5]