CVE-2025-9405 in Open5GSinfo

Summary

by MITRE • 08/25/2025

A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The patch is identified as 8e5fed16114f2f5e40bee1b161914b592b2b7b8f. Applying a patch is advised to resolve this issue.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 08/31/2025

The vulnerability identified as CVE-2025-9405 represents a critical security flaw within the Open5GS network functions, specifically affecting versions up to 2.7.5. This issue resides within the gmm_state_exception function located in the src/amf/gmm-sm.c file, which forms part of the 5G core network's access and mobility management functions. The flaw manifests as an assertion that becomes reachable through remote exploitation, presenting a significant risk to the integrity and availability of 5G networks that rely on this open-source software stack. The vulnerability's impact extends beyond simple denial of service, as it can be actively exploited by remote attackers who have access to the network infrastructure or can inject malicious traffic into the system.

The technical nature of this vulnerability stems from improper state handling within the GMM (GPRS Mobility Management) state machine implementation. When the gmm_state_exception function processes certain malformed or unexpected inputs, it triggers an assertion failure that can be manipulated by external actors to cause system instability. This type of vulnerability falls under CWE-617, which specifically addresses reachable assertions, where program assertions that should never be reached become exploitable due to inadequate input validation or state management. The assertion failure creates a potential for arbitrary code execution or system crash conditions that could disrupt critical network services.

From an operational perspective, this vulnerability poses severe risks to 5G network infrastructure deployments that utilize Open5GS as their core network implementation. The remote exploit capability means that attackers can potentially compromise network functions without requiring physical access or privileged network positions. The exploitation of this flaw could lead to service disruption, denial of access for legitimate users, or even complete system compromise. Network operators using affected versions of Open5GS face immediate operational risks as the exploit has been publicly released, making it accessible to threat actors who may actively target 5G infrastructure. The vulnerability affects the AMF (Access and Mobility Function) component, which is critical for managing mobile device connections and mobility services in 5G networks.

The recommended mitigation strategy involves applying the specific patch identified in commit 8e5fed16114f2f5e40bee1b161914b592b2b7b8f, which addresses the root cause of the assertion failure in the gmm_state_exception function. Network administrators should prioritize upgrading to patched versions of Open5GS to prevent exploitation. Additionally, implementing network segmentation and monitoring controls can provide additional defense-in-depth measures while waiting for patches to be deployed. The vulnerability's classification aligns with ATT&CK technique T1210, which covers exploitation of remote services, and T1499, which covers endpoint detection and response for network infrastructure. Organizations should also consider implementing intrusion detection systems that can monitor for exploitation attempts targeting this specific vulnerability pattern. The patch addresses the core issue by strengthening input validation and ensuring proper state management within the GMM state machine, preventing the assertion from being triggered through malicious inputs.

Responsible

VulDB

Disclosure

08/25/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00582

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!