CVE-2025-55904
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-17
Last updated on: 2025-09-23
Assigner: MITRE
Description
Description
Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the SBI of either AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, or UDR, resulting in a denial of service. This occurs in the parse_multipart function in lib/sbi/message.c.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | to 2.7.6 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Open5GS v2.7.5 occurs when a specially crafted multipart/related HTTP POST request with an empty HTTP body is sent to the SBI interfaces of various network functions (AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, or UDR). It causes a NULL pointer dereference in the parse_multipart function, leading to a denial of service.
How can this vulnerability impact me? :
The vulnerability can cause a denial of service (DoS) condition in the affected Open5GS components, potentially disrupting network services that rely on these functions.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70