CVE-2025-41067

HIGH

Open5gs < 2.7.5 - Reachable Assertion

Title source: rule

Description

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request that deletes the NRF's own registry causes a check that ends up crashing the NRF process and renders the discovery service unavailable.

Exploits (1)

nomisec WORKING POC

by xvk1t1 · poc

https://github.com/xvk1t1/Open5GS-CVE-2025-41067-CVE-2025-41068-PoC

View Code ZIP pw:eip

References (2)

[Third Party Advisory] https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-newplanes-open5gs

[Release Notes] https://open5gs.org/open5gs/release/2025/07/19/release-v2.7.6.html

Scores

CVSS v3 7.5

EPSS 0.0004

EPSS Percentile 12.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-617

Status published

Products (1)

open5gs/open5gs < 2.7.5

Published Oct 27, 2025

Tracked Since Feb 18, 2026