CVE-2025-66786
Unknown Unknown - Not Provided
Logical Error in OpenAirInterface CN5G AMF JSON Processing Causes DoS

Publication date: 2026-01-07

Last updated on: 2026-01-07

Assigner: MITRE

Description
OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-07
Last Modified
2026-01-07
Generated
2026-06-16
AI Q&A
2026-01-08
EPSS Evaluated
2026-06-14
NVD
CVE-2025-66786
EUVD
EUVD-2026-1212
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openairinterface cn5g_amf to 2.0.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

Detection of this vulnerability involves monitoring the AMF's SBI interface for unusual or malformed JSON requests that could indicate an attempted denial-of-service attack. Specific commands or scripts to detect such malicious JSON payloads are not provided in the available resources. [1]

Executive Summary

This vulnerability is a logical error in OpenAirInterface CN5G AMF version 2.0.1 and earlier, where the system improperly processes JSON format requests. Unauthorized remote attackers can exploit this by sending malicious JSON data to the AMF's SBI interface, causing a denial-of-service (DoS) attack.

Impact Analysis

The vulnerability can be exploited by remote attackers to launch a denial-of-service attack against the AMF component of OpenAirInterface CN5G. This results in disruption of service availability, potentially causing system downtime or degraded network performance.

Mitigation Strategies

Immediate mitigation steps include restricting access to the AMF's SBI interface to trusted sources only, implementing input validation to reject malformed JSON requests, and applying any available patches or updates from OpenAirInterface to fix the logical error. Detailed mitigation commands or procedures are not provided in the available resources. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66786. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart