CVE-2025-46115
Received Received - Intake
Denial of Service in Open5GS via PDU Session Modification Request

Publication date: 2026-04-30

Last updated on: 2026-05-04

Assigner: MITRE

Description
An issue in open5gs v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-04
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-14
NVD
CVE-2025-46115
EUVD
EUVD-2025-209598
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
open5gs open5gs 2.7.3
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-46115 is a vulnerability in Open5GS version 2.7.3 that causes a denial of service due to an assertion failure during the processing of a PDU Session Modification Request.

Specifically, the issue occurs in the function handling the modification of Non-GBR QoS flows with a 5QI value of 9. The function incorrectly assumes that all QoS flows require valid MBR and GBR parameters, but Non-GBR flows do not have these parameters, leading to a fatal assertion error.

This error causes the PDU Session Modification procedure to fail, preventing the generation and forwarding of a valid NGAP message to the Radio Access Network (RAN), thus disrupting normal operation.

Impact Analysis

This vulnerability can cause a denial of service in the affected Open5GS system by making the PDU Session Modification procedure fail.

As a result, the system cannot properly handle updates to Non-GBR QoS flows, which may disrupt network services relying on these flows.

This disruption can affect the communication between the Session Management Function (SMF) and the Radio Access Network (RAN), potentially leading to service interruptions or degraded network performance.

Detection Guidance

This vulnerability can be detected by monitoring for assertion failures or crashes in the Open5GS SMF component when processing PDU Session Modification Requests, especially those involving Non-GBR QoS flows with 5QI=9.

Specifically, you can check Open5GS logs for fatal assertion errors related to qos_flow->qos.mbr.downlink failures during PDU Session Modification procedures.

While no exact commands are provided, typical detection steps include:

  • Review Open5GS SMF logs for assertion failure messages or crashes.
  • Use system commands like `journalctl -u open5gs-smf` or `tail -f /var/log/open5gs/smf.log` to monitor logs in real time.
  • Capture and analyze NGAP messages related to PDU Session Modification Requests to identify those with Non-GBR QoS flows having 5QI=9.
Mitigation Strategies

Immediate mitigation steps include avoiding the processing of PDU Session Modification Requests that involve Non-GBR QoS flows with 5QI=9 until a patch or fix is applied.

Additionally, monitor and restrict traffic that could trigger this vulnerability by filtering or blocking crafted PDU Session Modification Requests that may cause assertion failures.

Applying updates or patches from the Open5GS project once available is recommended to fully resolve the issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-46115. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart