CVE-2025-9405
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-25

Last updated on: 2025-09-02

Assigner: VulDB

Description
A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The patch is identified as 8e5fed16114f2f5e40bee1b161914b592b2b7b8f. Applying a patch is advised to resolve this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-25
Last Modified
2025-09-02
Generated
2026-06-16
AI Q&A
2025-08-25
EPSS Evaluated
2026-06-14
NVD
CVE-2025-9405
EUVD
EUVD-2025-25719
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
open5gs open5gs to 2.7.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-9405 is a security flaw in Open5GS versions up to 2.7.5, specifically in the Access and Mobility Management Function (AMF). The vulnerability occurs when the AMF receives late or asynchronous Service-Based Interface (SBI) responses from the nudm-uecm service after the User Equipment (UE) context has already been deregistered or removed. This causes the GPRS Mobility Management (GMM) state machine to enter an invalid or undefined state, triggering a fatal assertion failure that crashes the AMF process. The crash results in denial of service by disrupting critical 5G core network functions such as UE registration, authentication, and session management. The vulnerability can be exploited remotely without any privileges or user interaction. [1, 2, 4]

Impact Analysis

This vulnerability can cause a denial-of-service (DoS) condition by crashing the AMF process in Open5GS, which is responsible for essential 5G core network functions like UE registration and session management. Exploiting this flaw can lead to loss of service availability for all connected User Equipments (UEs), resulting in network outages and disruption of normal 5G operations. The impact is severe on service availability, potentially causing prolonged outages if exploited persistently. [1, 2, 4]

Detection Guidance

This vulnerability can be detected by monitoring the Open5GS AMF logs for fatal assertion failures or crashes related to the gmm_state_exception function. Look for log entries indicating unexpected SBI responses from the nudm-uecm service, warnings about NAS MAC verification failures, or errors about invalid service names. Additionally, observing sudden AMF process terminations or service disruptions during UE deregistration or registration phases can indicate exploitation attempts. Specific commands depend on your system setup, but generally, you can use commands like `journalctl -u open5gs-amf` or `tail -f /var/log/open5gs/amf.log` to monitor logs in real-time. Also, monitoring system process crashes with `dmesg` or `systemctl status open5gs-amf` can help detect abnormal terminations. [1, 4]

Mitigation Strategies

The immediate mitigation step is to apply the patch identified by commit 8e5fed16114f2f5e40bee1b161914b592b2b7b8f, which fixes the handling of late or unexpected SBI responses in the AMF's gmm_state_exception function. This patch adds validation and proper handling of HTTP response statuses and methods to prevent fatal assertion failures. Additionally, you should consider implementing state validation to discard messages related to non-existent UE contexts and monitor resource constraints that may cause delayed SBI responses. If patching immediately is not possible, restricting access to the affected Open5GS AMF service and monitoring for suspicious activity can help reduce risk. [1, 2, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-9405. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart