CVE-2025-5935

A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/open5gs/open5gs/commit/62cb99755243c9c38e4c060c5d8d0e158fe8cdd5
https://github.com/open5gs/open5gs/issues/3874
https://github.com/open5gs/open5gs/issues/3874#issuecomment-2853547622
https://github.com/user-attachments/files/19863206/Problematic.handover.required.process.zip
https://vuldb.com/?ctiid.311713
https://vuldb.com/?id.311713
https://vuldb.com/?submit.589354

Configurations

No configuration.

History

12 Jun 2025, 16:06

Type	Values Removed	Values Added
Summary		(es) Se encontró una vulnerabilidad en Open5GS hasta la versión 2.7.3. Se ha declarado problemática. Esta vulnerabilidad afecta a la función common_register_state del archivo src/mme/emm-sm.c del componente AMF/MME. La manipulación del argumento ran_ue_id provoca una denegación de servicio. El ataque puede ejecutarse en remoto. Se ha hecho público el exploit y puede que sea utilizado. El identificador del parche es 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. Se recomienda aplicar un parche para solucionar este problema.

10 Jun 2025, 05:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-10 05:15

Updated : 2025-06-12 16:06

NVD link : CVE-2025-5935

Mitre link : CVE-2025-5935

CVE.ORG link : CVE-2025-5935

JSON object : View

Products Affected

No product.

CWE

CWE-404

Improper Resource Shutdown or Release

5.3 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

5.0 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2025-5935

5.3^/10

5.0^/10

Attach tags to `CVE-2025-5935`