CVE-2025-1893
Published: 04 March 2025
Summary
CVE-2025-1893 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 16.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-1893 is a denial-of-service vulnerability affecting Open5GS versions up to 2.7.2. The issue resides in the gmm_state_authentication function within the file src/amf/gmm-sm.c of the AMF component. Manipulation of this function leads to a crash, with a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) and is associated with CWE-404.
The vulnerability enables remote exploitation by an attacker possessing low privileges. A single user equipment (UE) can trigger the denial of service, crashing the AMF and causing a complete loss of mobility and session management services. This results in a network-wide outage, where all registered UEs lose connectivity and new registrations are blocked until the AMF is restarted, delivering a high availability impact despite the low CVSS availability metric.
Mitigation is available via the patch commit e31e9965f00d9c744a7f728497cb4f3e97744ee8 on the Open5GS GitHub repository. Advisories in the associated GitHub issues (e.g., #3707) confirm the fix and recommend applying the patch promptly. The exploit has been publicly disclosed and may be used in the wild.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-7419
Vulnerability details
A vulnerability was found in Open5GS up to 2.7.2. It has been declared as problematic. Affected by this vulnerability is the function gmm_state_authentication of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. The attack…
more
can be launched remotely. This vulnerability allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact. The exploit has been disclosed to the public and may be used. The patch is named e31e9965f00d9c744a7f728497cb4f3e97744ee8. It is recommended to apply a patch to fix this issue.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The CVE describes a remote, low-privilege vulnerability that crashes the AMF service via crafted input in the authentication state machine, directly enabling Endpoint Denial of Service through Application or System Exploitation (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Flaw remediation requires timely patching of the gmm_state_authentication vulnerability, directly eliminating the crash condition exploited by remote UEs.
Denial-of-service protection mechanisms limit the impact of low-privilege UE manipulations that crash the AMF and cause network outages.
Error handling ensures the AMF processes invalid authentication states without compromising availability or crashing.