CVE-2025-7485
4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X
Summary
A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Open5GS | 2.7.0 | affected |
| n/a | Open5GS | 2.7.1 | affected |
| n/a | Open5GS | 2.7.2 | affected |
| n/a | Open5GS | 2.7.3 | affected |
Weaknesses
- CWE-617: Reachable Assertion
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: partial
Additional References
- https://github.com/open5gs/open5gs/issues/3878/
- https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136
References
- https://vuldb.com/?id.316135
- https://vuldb.com/?ctiid.316135
- https://vuldb.com/?submit.610601
- https://github.com/open5gs/open5gs/issues/3878/
- https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136
- https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.