CVE-2025-41068

HIGH

Open5GS < 2.7.6 - Denial of Service via Invalid NF Type in SBI

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-41068. PoCs published by xvk1t1.

AI-analyzed exploit summary The repository contains functional PoC scripts for CVE-2025-41067 and CVE-2025-41068, which exploit denial-of-service vulnerabilities in Open5GS NRF by sending crafted HTTP/2 requests to delete NRF instances or register invalid NF types, causing the NRF process to crash.

Description

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the process, leaving the discovery service unresponsive.

Exploits (1)

github WORKING POC
by xvk1t1 · pythonpoc
https://github.com/xvk1t1/Open5GS-CVE-2025-41067-CVE-2025-41068-PoC

The repository contains functional PoC scripts for CVE-2025-41067 and CVE-2025-41068, which exploit denial-of-service vulnerabilities in Open5GS NRF by sending crafted HTTP/2 requests to delete NRF instances or register invalid NF types, causing the NRF process to crash.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Open5GS NRF (versions prior to 2.7.6)
No auth needed
Prerequisites: Network access to the NRF HTTP/2 interface · Python 3.6+ with httpx library
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.0030
EPSS Percentile 21.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-617
Status published
Products (1)
open5gs/open5gs < 2.7.5
Published Oct 27, 2025
Tracked Since Feb 18, 2026