CVE-2025-56568
Assertion Failure in Open5GS SMF PCO Parser via Malformed NGAP Messages
Publication date: 2026-04-30
Last updated on: 2026-05-04
Assigner: MITRE
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | 2.7.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-617 | The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an assertion failure in the Protocol Configuration Options (PCO) parser within the Session Management Function (SMF) component of Open5GS before version 2.7.5. It occurs when the SMF processes specially crafted NGAP messages containing malformed length fields in the protocol configuration data. The assertion failure happens because the parser expects the data length to match a certain size, but malformed input causes this check to fail, leading to a fatal error and process termination.
How can this vulnerability impact me?
This vulnerability can cause a denial of service by crashing the SMF component of Open5GS when it processes malformed PCO data. Since the SMF is critical for session management in the network, its unexpected termination can disrupt network operations, potentially leading to service outages or degraded network performance.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the SMF (Session Management Function) logs for crashes or unexpected terminations caused by malformed Protocol Configuration Options (PCO) data in NGAP messages.
Specifically, detection involves identifying assertion failures or error logs related to PCO parsing, such as mismatches between expected and actual data lengths.
Commands to help detect this issue could include checking the SMF service status and reviewing its logs for errors or crashes triggered by malformed NGAP messages.
- systemctl status open5gs-smf
- journalctl -u open5gs-smf -f
- grep -i 'pco' /var/log/open5gs/smf.log
Additionally, replaying malformed NGAP messages or fuzzing inputs targeting the PCO parser could help reproduce the crash and confirm the presence of the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade Open5GS to version 2.7.5 or later, where the vulnerability has been fixed by replacing fatal assertions with proper error handling in the PCO parser.
If upgrading is not immediately possible, monitoring the SMF service for crashes and restarting it promptly can reduce downtime, but this is only a temporary measure.
Implementing input validation or filtering malformed NGAP messages before they reach the SMF component may also help mitigate the risk.
Reviewing and applying the patch from the commit d7707879c943d2c952235382154d835b5849d54e, which improves robustness and error handling in the PCO parser, is recommended.
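The fix described above, replacing a fatal assertion with an error return, is shown here as an added C example. It is not Open5GS source or the referenced commit. The names `pco_parse`, `pco_t`, `pco_item_t` and `PCO_MAX_IDS` are hypothetical, and the layout (one header octet, then entries of 2-octet ID, 1-octet length, contents) is an assumption based on the 3GPP TS 24.008 PCO encoding.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not Open5GS source; every name here is hypothetical. */
#define PCO_MAX_IDS 8
typedef struct { uint16_t id; uint8_t len; const uint8_t *data; } pco_item_t;
typedef struct { uint8_t config_protocol; int num_ids; pco_item_t ids[PCO_MAX_IDS]; } pco_t;

/* Constructed sample inputs (not captured traffic). */
const uint8_t SAMPLE_OK[]        = { 0x80, 0x00, 0x0d, 0x00, 0x00, 0x0a, 0x00 };
const uint8_t SAMPLE_BAD_LEN[]   = { 0x80, 0x00, 0x0d, 0x10, 0x01, 0x02 }; /* claims 16, has 2 */
const uint8_t SAMPLE_TRUNCATED[] = { 0x80, 0x00, 0x0d };                   /* no length octet */
pco_t sample_out;

/* Returns bytes consumed, or -1 on malformed input. A CWE-617 style parser
 * would instead finish with assert(off == len) and abort on bad lengths. */
int pco_parse(pco_t *pco, const uint8_t *buf, size_t len)
{
    size_t off = 0;
    if (!pco || !buf || len < 1) return -1;
    pco->config_protocol = buf[off++] & 0x07;  /* low 3 bits of header octet */
    pco->num_ids = 0;
    while (off < len) {
        pco_item_t *it;
        if (pco->num_ids >= PCO_MAX_IDS) return -1;  /* more entries than we store */
        if (len - off < 3) return -1;                /* truncated ID/length header */
        it = &pco->ids[pco->num_ids];
        it->id = (uint16_t)((buf[off] << 8) | buf[off + 1]);
        it->len = buf[off + 2];
        off += 3;
        if (it->len > len - off) return -1;          /* declared length overruns buffer */
        it->data = buf + off;
        off += it->len;
        pco->num_ids++;
    }
    return (int)off;  /* off == len here by construction, so no assert is needed */
}

int main(void)
{
    printf("ok=%d bad_len=%d truncated=%d\n",
           pco_parse(&sample_out, SAMPLE_OK, sizeof SAMPLE_OK),
           pco_parse(&sample_out, SAMPLE_BAD_LEN, sizeof SAMPLE_BAD_LEN),
           pco_parse(&sample_out, SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    return 0;
}
```

The caller treats `-1` as a rejected message and keeps the process running, which is the difference between a logged parse error and the process termination described for this CVE.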
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.