CVE-2025-8802
BaseFortify
Publication date: 2025-08-10
Last updated on: 2025-08-15
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | up to 2.7.6 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8802 is a denial of service (DoS) vulnerability in the Open5GS 5G core network software, specifically in the Session Management Function (SMF) component. The issue occurs in the function smf_state_operational when it improperly handles HTTP/2 streams during PDU session release. If the SMF receives an event related to an HTTP/2 stream that has already been closed or invalidated (such as after a RST_STREAM frame), it triggers a fatal assertion failure causing the entire SMF process to crash. This improper handling leads to a complete service interruption despite the problem originating from a single user equipment context. The vulnerability can be exploited remotely without authentication by generating frequent PDU session releases under load, causing repeated crashes. The issue is fixed in Open5GS version 2.7.6 by adding checks to avoid processing invalid streams and prevent the crash. [1, 2, 3, 4]
How can this vulnerability impact me?
This vulnerability can cause the entire Session Management Function (SMF) process in Open5GS to crash unexpectedly, resulting in a denial of service. Since the SMF is critical for managing 5G sessions, its crash leads to service interruptions affecting all users relying on that SMF instance. An attacker can remotely exploit this by triggering frequent PDU session releases, causing repeated crashes and making the network unavailable or unstable. This impacts system availability and reliability, potentially disrupting communications and services dependent on the 5G core network. [1, 2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the SMF logs for fatal assertion failures related to the function smf_state_operational(), specifically errors indicating 'assert(stream)' failures or messages about processing closed HTTP/2 streams. Network monitoring for repeated SMF process crashes or service interruptions during high churn of PDU session releases may also indicate exploitation attempts. Since the vulnerability involves HTTP/2 stream handling, capturing and analyzing HTTP/2 traffic for RST_STREAM frames followed by SMF crashes can help detect it. Specific commands depend on your environment, but generally, you can check SMF logs with commands like `journalctl -u open5gs-smf` or `tail -f /var/log/open5gs/smf.log` and use network tools like `tcpdump` or `wireshark` to monitor HTTP/2 traffic on the SBI interface. Look for repeated RST_STREAM frames and correlate with SMF crashes. [2, 4]
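An added example, not part of the original page or of Open5GS: a small log triage script for the check described above, which finds `assert(stream)` failures in `smf_state_operational` and flags bursts of repeated crashes. The sample lines are constructed in the layout of `journalctl -u open5gs-smf -o short-iso`; the host name, process name, PIDs and exact message wording are assumptions, so adjust the pattern to what your SMF actually logs.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in `journalctl -u open5gs-smf -o short-iso` layout.
# Host, process name, PIDs and message wording are assumptions, not captured output.
SAMPLE_LOG = """\
2025-08-12T10:00:01+0000 core1 open5gs-smfd[1201]: [smf] INFO: PDU session released
2025-08-12T10:00:02+0000 core1 open5gs-smfd[1201]: [smf] FATAL: smf_state_operational: Assertion `stream' failed.
2025-08-12T10:00:05+0000 core1 open5gs-smfd[1290]: [app] INFO: SMF initialize...done
2025-08-12T10:01:10+0000 core1 open5gs-smfd[1290]: [smf] FATAL: smf_state_operational: Assertion `stream' failed.
2025-08-12T10:03:40+0000 core1 open5gs-smfd[1377]: [smf] FATAL: smf_state_operational: Assertion `stream' failed.
2025-08-12T11:30:00+0000 core1 open5gs-smfd[1402]: [smf] ERROR: smf_state_operational: unknown event
2025-08-12T12:15:00+0000 core1 open5gs-smfd[1402]: [smf] FATAL: smf_state_operational: assert(stream) failed
"""

# Matches both "assert(stream)" and "Assertion `stream'" spellings.
ASSERT_RE = re.compile(r"assert(?:ion)?\W{0,3}stream", re.IGNORECASE)

def crash_times(log_text):
    """Return sorted timestamps of lines carrying the assert(stream) signature."""
    hits = []
    for line in log_text.splitlines():
        if "smf_state_operational" not in line or not ASSERT_RE.search(line):
            continue
        stamp = line.split(" ", 1)[0]
        try:
            hits.append(datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S%z"))
        except ValueError:
            continue  # no parsable short-iso timestamp on this line
    return sorted(hits)

def crash_bursts(times, threshold=3, window=timedelta(minutes=5)):
    """Return (start, count) for each run of >= threshold crashes inside window."""
    bursts, i = [], 0
    while i < len(times):
        j = i
        while j + 1 < len(times) and times[j + 1] - times[i] <= window:
            j += 1
        count = j - i + 1
        if count >= threshold:
            bursts.append((times[i], count))
            i = j + 1  # skip past the crashes already reported
        else:
            i += 1
    return bursts

if __name__ == "__main__":
    times = crash_times(SAMPLE_LOG)
    print(f"{len(times)} assert(stream) crashes")
    for start, count in crash_bursts(times):
        print(f"burst: {count} crashes within 5 min from {start.isoformat()}")
```

A single hit is worth a look; a burst means the SMF is crashing and restarting in a loop and should be correlated with PDU session release load on the SBI interface.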
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation is to upgrade the Open5GS SMF component to version 2.7.6 or later, where the vulnerability has been fixed by adding proper null checks to prevent fatal assertion failures. If upgrading is not immediately possible, applying the patch identified by commit f168f7586a4fa536cee95ae60ac437d997f15b97 to the source code of the smf_state_operational() function can mitigate the issue. Additionally, monitoring and limiting high churn of PDU session releases and controlling resource constraints on the SMF may reduce the risk of triggering the vulnerability until the patch or upgrade is applied. [1, 3]