CVE-2025-5935

MEDIUM

Open5gs < 2.7.6 - Improper Resource Release

Title source: rule

Description

A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue.

References (7)

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.311713

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.311713

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.589354

[Exploit, Issue Tracking] https://github.com/open5gs/open5gs/issues/3874

[Issue Tracking] https://github.com/open5gs/open5gs/issues/3874#issuecomment-2853547622

[Not Applicable] https://github.com/user-attachments/files/19863206/Problematic.handover.required.process.zip

[Patch] https://github.com/open5gs/open5gs/commit/62cb99755243c9c38e4c060c5d8d0e158fe8cdd5

View Patch ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0115

EPSS Percentile 78.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-404

Status published

Products (1)

open5gs/open5gs < 2.7.6

Published Jun 10, 2025

Tracked Since Feb 18, 2026