Description
A security flaw has been discovered in Open5GS up to 2.7.5. The affected element is the function gmm_state_exception in the file src/amf/gmm-sm.c. Manipulation leads to a reachable assertion. The attack can be launched remotely. The exploit has been released to the public and may be used. The patch is identified as 8e5fed16114f2f5e40bee1b161914b592b2b7b8f. Applying the patch is advised to resolve this issue.
References (8)
Core References
Third Party Advisory, VDB Entry (vdb-entry, technical-description): https://vuldb.com/?id.321241
Permissions Required, VDB Entry (signature, permissions-required): https://vuldb.com/?ctiid.321241
Third Party Advisory, VDB Entry (third-party-advisory): https://vuldb.com/?submit.633467
Exploit, Issue Tracking (issue-tracking): https://github.com/open5gs/open5gs/issues/3947
Issue Tracking (issue-tracking): https://github.com/open5gs/open5gs/issues/3947#issuecomment-3029992728
Third Party Advisory (related): https://github.com/ZHENGHAOHELLO/BugReport/blob/main/CVE-2025-9405
Scores
CVSS v3: 5.3
EPSS: 0.0058
EPSS Percentile: 43.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-617
Status: published
Products (1)
open5gs/open5gs: < 2.7.6
Published: Aug 25, 2025
Tracked Since: Feb 18, 2026