CVE-2025-8800
BaseFortify
Publication date: 2025-08-10
Last updated on: 2025-08-15
Assigner: VulDB
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | to 2.7.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8800 is a denial of service (DoS) vulnerability in Open5GS versions up to 2.7.5, specifically affecting the Access and Mobility Management Function (AMF) component. The vulnerability occurs in the esm_handle_pdn_connectivity_request function when the system receives a NAS message with an unknown or invalid PDN type (Packet Data Network type). Instead of handling this input gracefully, the system triggers a fatal assertion failure causing the AMF or MME process to crash, leading to denial of service. This can be exploited remotely without authentication by sending malformed NAS messages with an unsupported PDN type, causing the network component to halt and disrupt service. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can cause the AMF or MME component of Open5GS to crash repeatedly, resulting in denial of service. This disrupts critical 5G core network functions such as user registration, session management, and mobility procedures. As a result, user equipment (UE) may lose network access, and network stability can be severely impacted. The attack can be performed remotely without any privileges or user interaction, making it easy to exploit and potentially causing persistent service outages. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or core dumps of the Open5GS MME or AMF components, especially triggered by malformed NAS messages containing an unknown PDN type set to 0. Network traffic analysis tools can be used to capture and inspect NAS messages for invalid PDN types. Specifically, look for NAS messages with PDN type = 0 in the ESM message container of InitialUEMessage. While no explicit commands are provided, using packet capture tools like tcpdump or Wireshark to filter NAS messages and checking Open5GS logs for assertion failures or process crashes can help detect exploitation attempts. [2]
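The PDN type check described above can be scripted over ESM messages exported from a packet capture. The following is an added example, not code from Open5GS or from the sources cited on this page. It assumes the input is the plain (unciphered) ESM message already extracted from the ESM message container, and the names `inspect_esm`, `scan` and `EXPECTED_PDN_TYPES`, the allowlist values and the sample bytes are constructed for illustration.

```python
"""Flag ESM PDN connectivity requests whose PDN type is outside an allowlist."""

ESM_PROTOCOL_DISCRIMINATOR = 0x2   # low nibble of octet 1 (3GPP TS 24.301)
PDN_CONNECTIVITY_REQUEST = 0xD0    # ESM message type in octet 3
# Assumption: PDN type values this deployment expects to see
# (1 = IPv4, 2 = IPv6, 3 = IPv4v6, 5 = non-IP). Adjust to your network.
EXPECTED_PDN_TYPES = {1, 2, 3, 5}


def inspect_esm(esm):
    """Return PDN type details for a PDN connectivity request, else None."""
    if len(esm) < 4:
        return None                    # mandatory octets 1-4 not all present
    if esm[0] & 0x0F != ESM_PROTOCOL_DISCRIMINATOR:
        return None                    # not an ESM message
    if esm[2] != PDN_CONNECTIVITY_REQUEST:
        return None                    # some other ESM message type
    pdn_type = (esm[3] >> 4) & 0x07    # high nibble of octet 4, top bit is spare
    request_type = esm[3] & 0x07       # low nibble of octet 4, top bit is spare
    return {
        "pti": esm[1],                 # procedure transaction identity
        "pdn_type": pdn_type,
        "request_type": request_type,
        "suspicious": pdn_type not in EXPECTED_PDN_TYPES,
    }


def scan(hex_messages):
    """Yield (index, result) for every message flagged as suspicious."""
    for i, hx in enumerate(hex_messages):
        result = inspect_esm(bytes.fromhex(hx))
        if result and result["suspicious"]:
            yield i, result


# Constructed sample ESM messages (not captured traffic).
SAMPLES = [
    "0201d011",   # PDN type 1 (IPv4), request type 1
    "0202d031",   # PDN type 3 (IPv4v6), request type 1
    "0203d001",   # PDN type 0, the value named in the detection guidance
    "0204d9",     # too short and not a PDN connectivity request: ignored
    "0741710b",   # protocol discriminator 7 (EMM), not ESM: ignored
]

if __name__ == "__main__":
    for idx, res in scan(SAMPLES):
        print(f"message {idx}: unexpected PDN type {res['pdn_type']} (PTI {res['pti']})")
```

A hit from this check is most useful when correlated with the time of an assertion failure or restart in the Open5GS logs.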
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Open5GS to version 2.7.6, which includes a patch that properly validates PDN types in the esm_handle_pdn_connectivity_request function, preventing crashes by rejecting malformed NAS messages with unknown PDN types. Until the upgrade can be applied, monitoring and restricting malformed NAS messages with invalid PDN types may help reduce risk, but upgrading is strongly recommended to fully address the issue. [1, 4]