CVE-2025-66786
Unknown Unknown - Not Provided

Logical Error in OpenAirInterface CN5G AMF JSON Processing Causes DoS

Vulnerability report for CVE-2025-66786, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-07

Last updated on: 2026-01-07

Assigner: MITRE

Description

OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-07
Last Modified
2026-01-07
Generated
2026-07-06
AI Q&A
2026-01-07
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openairinterface cn5g_amf to 2.0.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a logical error in OpenAirInterface CN5G AMF version 2.0.1 and earlier, where the system improperly processes JSON format requests. Unauthorized remote attackers can exploit this by sending malicious JSON data to the AMF's SBI interface, causing a denial-of-service (DoS) attack.

Impact Analysis

The vulnerability can be exploited by remote attackers to launch a denial-of-service attack against the AMF component of OpenAirInterface CN5G. This results in disruption of service availability, potentially causing system downtime or degraded network performance.

Detection Guidance

Detection of this vulnerability involves monitoring the AMF's SBI interface for unusual or malformed JSON requests that could indicate an attempted denial-of-service attack. Specific commands or scripts to detect such malicious JSON payloads are not provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the AMF's SBI interface to trusted sources only, implementing input validation to reject malformed JSON requests, and applying any available patches or updates from OpenAirInterface to fix the logical error. Detailed mitigation commands or procedures are not provided in the available resources. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66786. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart