CVE-2025-9405
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-09-02
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | to 2.7.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-9405 is a security flaw in Open5GS versions up to 2.7.5, specifically in the Access and Mobility Management Function (AMF). The vulnerability occurs when the AMF receives late or asynchronous Service-Based Interface (SBI) responses from the nudm-uecm service after the User Equipment (UE) context has already been deregistered or removed. This causes the GPRS Mobility Management (GMM) state machine to enter an invalid or undefined state, triggering a fatal assertion failure that crashes the AMF process. The crash results in denial of service by disrupting critical 5G core network functions such as UE registration, authentication, and session management. The vulnerability can be exploited remotely without any privileges or user interaction. [1, 2, 4]
How can this vulnerability impact me? :
This vulnerability can cause a denial-of-service (DoS) condition by crashing the AMF process in Open5GS, which is responsible for essential 5G core network functions like UE registration and session management. Exploiting this flaw can lead to loss of service availability for all connected User Equipments (UEs), resulting in network outages and disruption of normal 5G operations. The impact is severe on service availability, potentially causing prolonged outages if exploited persistently. [1, 2, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the Open5GS AMF logs for fatal assertion failures or crashes related to the gmm_state_exception function. Look for log entries indicating unexpected SBI responses from the nudm-uecm service, warnings about NAS MAC verification failures, or errors about invalid service names. Additionally, observing sudden AMF process terminations or service disruptions during UE deregistration or registration phases can indicate exploitation attempts. Specific commands depend on your system setup, but generally, you can use commands like `journalctl -u open5gs-amf` or `tail -f /var/log/open5gs/amf.log` to monitor logs in real-time. Also, monitoring system process crashes with `dmesg` or `systemctl status open5gs-amf` can help detect abnormal terminations. [1, 4]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the patch identified by commit 8e5fed16114f2f5e40bee1b161914b592b2b7b8f, which fixes the handling of late or unexpected SBI responses in the AMF's gmm_state_exception function. This patch adds validation and proper handling of HTTP response statuses and methods to prevent fatal assertion failures. Additionally, you should consider implementing state validation to discard messages related to non-existent UE contexts and monitor resource constraints that may cause delayed SBI responses. If patching immediately is not possible, restricting access to the affected Open5GS AMF service and monitoring for suspicious activity can help reduce risk. [1, 2, 3]