CVE-2025-1893
Published: 04 March 2025
Summary
CVE-2025-1893 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Open5GS. Its CVSS base score is 4.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 15.7th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Flaw remediation requires timely patching of the gmm_state_authentication vulnerability, directly eliminating the crash condition exploited by remote UEs.
Denial-of-service protection mechanisms limit the impact of low-privilege UE manipulations that crash the AMF and cause network outages.
Error handling ensures the AMF processes invalid authentication states without compromising availability or crashing.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remote, low-privilege vulnerability that crashes the AMF service via crafted input in the authentication state machine, directly enabling Endpoint Denial of Service through Application or System Exploitation (T1499.004).
NVD Description
A vulnerability was found in Open5GS up to 2.7.2. It has been declared as problematic. Affected by this vulnerability is the function gmm_state_authentication of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. This vulnerability allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact. The exploit has been disclosed to the public and may be used. The patch is named e31e9965f00d9c744a7f728497cb4f3e97744ee8. It is recommended to apply a patch to fix this issue.
Deeper analysis
CVE-2025-1893 is a denial-of-service vulnerability affecting Open5GS versions up to 2.7.2. The issue resides in the gmm_state_authentication function within the file src/amf/gmm-sm.c of the AMF component. Manipulation of this function leads to a crash. The vulnerability has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) and is associated with CWE-404.
The vulnerability enables remote exploitation by an attacker possessing low privileges. A single user equipment (UE) can trigger the denial of service, crashing the AMF and causing a complete loss of mobility and session management services. This results in a network-wide outage, where all registered UEs lose connectivity and new registrations are blocked until the AMF is restarted, delivering a high availability impact despite the low CVSS availability metric.
Mitigation is available via the patch commit e31e9965f00d9c744a7f728497cb4f3e97744ee8 on the Open5GS GitHub repository. Advisories in the associated GitHub issues (e.g., #3707) confirm the fix and recommend applying the patch promptly. The exploit has been publicly disclosed and may be used in the wild.
Details
- CWE(s)