CVE-2025-8804
BaseFortify
Publication date: 2025-08-10
Last updated on: 2025-08-15
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | to 2.7.6 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8804 is a vulnerability in the Open5GS 5G core network software, specifically in the Access and Mobility Management Function (AMF) component's function ngap_build_downlink_nas_transport. When the AMF tries to create a Session Management (SM) context but fails to connect to the Session Management Function (SMF) due to errors like a 504 Gateway Timeout, it incorrectly continues with NAS signaling instead of aborting the session. This improper handling leads to an invalid internal state and triggers a fatal assertion failure, causing the AMF process to crash. The vulnerability can be exploited remotely by repeatedly triggering these failure conditions, resulting in denial of service (DoS) by crashing the AMF and disrupting 5G core network operations. The issue affects Open5GS versions up to 2.7.5 and is fixed in version 2.7.6. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can cause denial of service (DoS) in the Open5GS 5G core network by crashing the AMF component. Since the AMF manages user equipment contexts, its crash disrupts the handling of 5G signaling and session management, potentially leading to service outages for all connected users. A remote attacker can exploit this vulnerability without authentication by triggering repeated session management failures, causing repeated crashes and network instability. This impacts the availability of the 5G network services relying on Open5GS. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the Open5GS AMF logs for fatal assertion failures or crashes related to the function ngap_build_downlink_nas_transport(). Specifically, look for error logs indicating failed SM Context creation requests (e.g., HTTP 504 errors from SMF) followed by AMF crashes. Network detection can involve observing repeated PDU session establishment requests that trigger SMF failures and cause AMF process restarts. While no specific commands are provided in the resources, typical detection involves checking AMF process status, reviewing system logs (e.g., using 'journalctl' or 'tail' on Open5GS logs), and monitoring for repeated crashes or restarts of the AMF service. [1, 3]
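The log correlation described above, as an added example (not from the advisory or the Open5GS project): it pairs a failed SM context creation (HTTP 504) with an assertion in ngap_build_downlink_nas_transport that follows shortly after, and flags repeats. The log layout, message wording, time windows and function names are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines. The timestamp layout and message wording are
# assumptions, not verbatim Open5GS output; adapt the patterns to your logs.
SAMPLE_LOG = """\
2025-08-12 10:15:01.120: [amf] INFO: PDU session establishment request
2025-08-12 10:15:04.310: [amf] ERROR: SM context create failed, SMF returned HTTP 504
2025-08-12 10:15:04.355: [amf] FATAL: ngap_build_downlink_nas_transport: Assertion failed
2025-08-12 10:15:09.002: [amf] INFO: AMF process started
2025-08-12 10:20:44.870: [amf] ERROR: SM context create failed, SMF returned HTTP 504
2025-08-12 10:20:44.901: [amf] FATAL: ngap_build_downlink_nas_transport: Assertion failed
2025-08-12 11:02:13.400: [amf] ERROR: SM context create failed, SMF returned HTTP 504
2025-08-12 11:02:13.950: [amf] INFO: PDU session release complete
"""

TS = r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})"
SM_FAIL = re.compile(TS + r".*SM context.*\b504\b", re.I)
ASSERT = re.compile(TS + r".*ngap_build_downlink_nas_transport.*assert", re.I)

def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f")

def find_crash_sequences(lines, window=timedelta(seconds=5)):
    """Pair each SM context 504 with an assertion that follows within `window`."""
    hits, last_fail = [], None
    for line in lines:
        m = SM_FAIL.search(line)
        if m:
            last_fail = _ts(m.group(1))
            continue
        m = ASSERT.search(line)
        if m:
            crash = _ts(m.group(1))
            if last_fail is not None and timedelta(0) <= crash - last_fail <= window:
                hits.append((last_fail, crash))
            last_fail = None  # one failure explains at most one crash
    return hits

def repeated_crashes(hits, threshold=2, span=timedelta(minutes=10)):
    """True if `threshold` crash sequences fall inside any `span`-long interval."""
    times = [crash for _, crash in hits]
    return any(times[i + threshold - 1] - times[i] <= span
               for i in range(len(times) - threshold + 1))

if __name__ == "__main__":
    found = find_crash_sequences(SAMPLE_LOG.splitlines())
    for fail, crash in found:
        print(f"SM context 504 at {fail} -> AMF assertion at {crash}")
    print("repeated crash pattern:", repeated_crashes(found))
```

The function expects lines in chronological order, as a log file or `journalctl` output would provide them.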
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Open5GS to version 2.7.6, which includes a patch that fixes the assertion failure in the AMF component. The patch (commit ID bca0a7b6e01d254f4223b83831162566d4626428) modifies the handling of downlink NAS transport messages to prevent crashes caused by invalid UE context lookups. Until the upgrade can be applied, monitoring and limiting the impact of repeated PDU session requests that trigger SMF failures may help reduce the risk of denial of service. [2, 4]