CVE-2025-8805
BaseFortify
Publication date: 2025-08-10
Last updated on: 2025-08-15
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | up to 2.7.6 (excluding) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8805 is a denial-of-service (DoS) vulnerability in Open5GS versions up to 2.7.5, specifically in the Session Management Function (SMF). The issue occurs when the SMF receives an invalid or malformed API request with the service name "namf-comm" during the PFCP session deletion phase. This causes the SMF's internal state machine to enter an undefined state, triggering a fatal assertion failure that crashes the SMF process. The crash disrupts the SMF daemon, causing loss of connectivity for all affected user equipment until the service is manually restarted. The vulnerability can be exploited remotely without authentication or user interaction. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can cause the SMF component of Open5GS to crash unexpectedly, resulting in denial of service. This disrupts session establishment and release processes, leading to loss of network connectivity for all users relying on the affected SMF. Since the SMF is critical for managing 5G sessions, its failure can cause significant service outages. The attack can be launched remotely without any privileges or user interaction, making it easy for attackers to cause network downtime. The SMF remains inoperable until manually restarted or patched. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the SMF (Session Management Function) logs for fatal assertion failures or crashes related to the handling of invalid or malformed NAMF_COMM API messages, especially during the PFCP session deletion phase (state: smf_gsm_state_wait_pfcp_deletion). Look for log entries indicating 'Invalid API name [namf-comm]' or fatal errors in the SMF finite state machine dispatch functions. Network detection can involve capturing and analyzing SBI API requests to the namf-comm endpoint for malformed or unrecognized messages.

Specific commands depend on your environment, but generally, you can use system log inspection commands such as `journalctl -u open5gs-smfd` or `tail -f /var/log/open5gs/smf.log` to watch for crash logs.

Network packet capture tools like `tcpdump` or `wireshark` can be used to filter traffic to the SMF's SBI interface (e.g., `tcpdump -i <interface> port <SMF_SBI_port> and host <SMF_IP>`), looking for suspicious POST requests to `/namf-comm/v1/ue-contexts/` endpoints with unusual or malformed payloads. [1, 3]
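One way to automate the log check described above, as an added example (not code from BaseFortify or the Open5GS project): it flags a fatal SMF log line that follows `Invalid API name [namf-comm]` within a few lines. The sample log lines are constructed, and the `FATAL` level token, the `WINDOW` variable and the function names are assumptions.

```shell
#!/bin/sh
# Added example: correlate the SMF log indicators named in the text above.
# Usage: journalctl -u open5gs-smfd --no-pager | scan_smf_log
# WINDOW (hypothetical knob): max lines between the two indicators.

scan_smf_log() {
    awk -v window="${WINDOW:-5}" '
        # Indicator 1 (string quoted on the page): rejected namf-comm API name.
        index($0, "Invalid API name [namf-comm]") {
            invalid++; last_invalid = NR; next
        }
        # Indicator 2: a fatal line (the "FATAL" level token is an assumption)
        # or the PFCP-deletion state name, shortly after indicator 1.
        index($0, "FATAL") || index($0, "smf_gsm_state_wait_pfcp_deletion") {
            if (last_invalid && NR - last_invalid <= window) {
                hits++
                printf "suspect crash at line %d (invalid API at line %d): %s\n",
                       NR, last_invalid, $0
                last_invalid = 0
            }
        }
        END {
            printf "invalid_namf_comm=%d correlated_fatal=%d\n", invalid, hits
            exit (hits > 0)   # status 1 when at least one correlated crash
        }
    '
}

# Constructed sample lines (not real Open5GS output) for an offline run.
sample_smf_log() {
    cat <<'EOF'
08/10 10:15:01.100: [smf] INFO: session release in progress (constructed)
08/10 10:15:01.200: [smf] ERROR: Invalid API name [namf-comm] (constructed)
08/10 10:15:01.201: [smf] FATAL: smf_gsm_state_wait_pfcp_deletion (constructed)
08/10 10:20:00.000: [smf] ERROR: Invalid API name [namf-comm] (constructed)
08/10 10:20:09.000: [smf] INFO: unrelated line (constructed)
EOF
}

# Offline demonstration: sh scan_smf.sh --demo
if [ "${1:-}" = "--demo" ]; then
    sample_smf_log | scan_smf_log || true
fi
```

The non-zero exit status on a correlated hit lets the function drive an alert or a supervised restart check while the upgrade is pending.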
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation step is to upgrade Open5GS to version 2.7.6, which includes the patch (commit ID: c58b8f081986aaf2a312d73a0a17985518b47fe6) that fixes the improper handling of invalid NAMF_COMM API messages causing the SMF crash. Until the upgrade can be applied, monitor the SMF process for crashes and be prepared to manually restart the SMF daemon if it terminates unexpectedly. Additionally, consider implementing network-level filtering or rate limiting on SBI API requests to the namf-comm endpoint to reduce exposure to malformed or malicious requests. [2, 4]