CVE-2025-66786
Unknown Unknown - Not Provided
Logical Error in OpenAirInterface CN5G AMF JSON Processing Causes DoS

Publication date: 2026-01-07

Last updated on: 2026-01-07

Assigner: MITRE

Description
OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-01-07
Generated
2026-05-07
AI Q&A
2026-01-08
EPSS Evaluated
2026-05-05
NVD
CVE-2025-66786
EUVD
EUVD-2026-1212
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openairinterface cn5g_amf to 2.0.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves monitoring the AMF's SBI interface for unusual or malformed JSON requests that could indicate an attempted denial-of-service attack. Specific commands or scripts to detect such malicious JSON payloads are not provided in the available resources. [1]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include restricting access to the AMF's SBI interface to trusted sources only, implementing input validation to reject malformed JSON requests, and applying any available patches or updates from OpenAirInterface to fix the logical error. Detailed mitigation commands or procedures are not provided in the available resources. [1]


Can you explain this vulnerability to me?

This vulnerability is a logical error in OpenAirInterface CN5G AMF version 2.0.1 and earlier, where the system improperly processes JSON format requests. Unauthorized remote attackers can exploit this by sending malicious JSON data to the AMF's SBI interface, causing a denial-of-service (DoS) attack.


How can this vulnerability impact me? :

The vulnerability can be exploited by remote attackers to launch a denial-of-service attack against the AMF component of OpenAirInterface CN5G. This results in disruption of service availability, potentially causing system downtime or degraded network performance.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart