CVE-2025-56568
Received Received - Intake
Assertion Failure in Open5GS SMF PCO Parser via Malformed NGAP Messages

Publication date: 2026-04-30

Last updated on: 2026-05-04

Assigner: MITRE

Description
Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol configuration data.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-05-04
Generated
2026-06-16
AI Q&A
2026-04-30
EPSS Evaluated
2026-06-14
NVD
CVE-2025-56568
EUVD
EUVD-2025-209599
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
open5gs open5gs 2.7.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-617 The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an assertion failure in the Protocol Configuration Options (PCO) parser within the Session Management Function (SMF) component of Open5GS before version 2.7.5. It occurs when the SMF processes specially crafted NGAP messages containing malformed length fields in the protocol configuration data. The assertion failure happens because the parser expects the data length to match a certain size, but malformed input causes this check to fail, leading to a fatal error and process termination.

Impact Analysis

This vulnerability can cause a denial of service by crashing the SMF component of Open5GS when it processes malformed PCO data. Since the SMF is critical for session management in the network, its unexpected termination can disrupt network operations, potentially leading to service outages or degraded network performance.

Detection Guidance

This vulnerability can be detected by monitoring the SMF (Session Management Function) logs for crashes or unexpected terminations caused by malformed Protocol Configuration Options (PCO) data in NGAP messages.

Specifically, detection involves identifying assertion failures or error logs related to PCO parsing, such as mismatches between expected and actual data lengths.

Commands to help detect this issue could include checking the SMF service status and reviewing its logs for errors or crashes triggered by malformed NGAP messages.

  • systemctl status open5gs-smf
  • journalctl -u open5gs-smf -f
  • grep -i 'pco' /var/log/open5gs/smf.log

Additionally, replaying malformed NGAP messages or fuzzing inputs targeting the PCO parser could help reproduce the crash and confirm the presence of the vulnerability.

Mitigation Strategies

The immediate mitigation step is to upgrade Open5GS to version 2.7.5 or later, where the vulnerability has been fixed by replacing fatal assertions with proper error handling in the PCO parser.

If upgrading is not immediately possible, monitoring the SMF service for crashes and restarting it promptly can reduce downtime, but this is only a temporary measure.

Implementing input validation or filtering malformed NGAP messages before they reach the SMF component may also help mitigate the risk.

Reviewing and applying the patch from the commit d7707879c943d2c952235382154d835b5849d54e, which improves robustness and error handling in the PCO parser, is recommended.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-56568. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart