CVE-2025-46115
Denial of Service in Open5GS via PDU Session Modification Request
Publication date: 2026-04-30
Last updated on: 2026-05-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | 2.7.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-46115 is a vulnerability in Open5GS version 2.7.3 that causes a denial of service due to an assertion failure during the processing of a PDU Session Modification Request.
Specifically, the issue occurs in the function handling the modification of Non-GBR QoS flows with a 5QI value of 9. The function incorrectly assumes that all QoS flows require valid MBR and GBR parameters, but Non-GBR flows do not have these parameters, leading to a fatal assertion error.
This error causes the PDU Session Modification procedure to fail, preventing the generation and forwarding of a valid NGAP message to the Radio Access Network (RAN), thus disrupting normal operation.
How can this vulnerability impact me? :
This vulnerability can cause a denial of service in the affected Open5GS system by making the PDU Session Modification procedure fail.
As a result, the system cannot properly handle updates to Non-GBR QoS flows, which may disrupt network services relying on these flows.
This disruption can affect the communication between the Session Management Function (SMF) and the Radio Access Network (RAN), potentially leading to service interruptions or degraded network performance.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for assertion failures or crashes in the Open5GS SMF component when processing PDU Session Modification Requests, especially those involving Non-GBR QoS flows with 5QI=9.
Specifically, you can check Open5GS logs for fatal assertion errors related to qos_flow->qos.mbr.downlink failures during PDU Session Modification procedures.
While no exact commands are provided, typical detection steps include:
- Review Open5GS SMF logs for assertion failure messages or crashes.
- Use system commands like `journalctl -u open5gs-smf` or `tail -f /var/log/open5gs/smf.log` to monitor logs in real time.
- Capture and analyze NGAP messages related to PDU Session Modification Requests to identify those with Non-GBR QoS flows having 5QI=9.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding the processing of PDU Session Modification Requests that involve Non-GBR QoS flows with 5QI=9 until a patch or fix is applied.
Additionally, monitor and restrict traffic that could trigger this vulnerability by filtering or blocking crafted PDU Session Modification Requests that may cause assertion failures.
Applying updates or patches from the Open5GS project once available is recommended to fully resolve the issue.