CVE-2025-1925
Published: 04 March 2025
Summary
CVE-2025-1925 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Open5GS. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE is ranked in the top 41.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI)
Directly mitigates the vulnerability by requiring timely identification, reporting, and patching of the flaw in the AMF's PDU session update handler as recommended in the advisory.
Implements denial-of-service protections at boundaries to prevent a single remote UE from crashing the AMF and causing network-wide outages.
Validates inputs to the amf_nsmf_pdusession_handle_update_sm_context function to reject malformed PDU session IDs that trigger the crash due to conflicts.
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
CVE-2025-1925 enables remote unauthenticated denial of service by crashing the Open5GS AMF via PDU Session ID conflict in amf_nsmf_pdusession_handle_update_sm_context, directly facilitating T1499.004 (Endpoint Denial of Service: Application or System Exploitation).
NVD Description
A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsmf_pdusession_handle_update_sm_context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. This vulnerability allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.
Deeper analysis (AI)
CVE-2025-1925 is a denial-of-service vulnerability classified as problematic in Open5GS versions up to 2.7.2. It affects the AMF component, specifically the function amf_nsmf_pdusession_handle_update_sm_context in the file src/amf/nsmf-handler.c. The issue falls under CWE-404 and carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating network-accessible exploitation with low complexity and no privileges required, resulting in limited availability impact.
A single User Equipment (UE) can remotely exploit this vulnerability to crash the AMF, leading to a complete loss of mobility and session management services and causing a network-wide outage. All registered UEs lose connectivity, and new registrations are blocked until the AMF is restarted, resulting in a high availability impact.
Advisories recommend applying a patch to fix the issue, with a fix available in Open5GS pull request #3711 on GitHub. The exploit has been publicly disclosed, including details in a bug report at https://github.com/guoweifk/BugReport/blob/main/Open5GS%20AMF%20Denial%20of%20Service%20via%20PDU%20Session%20ID%20Conflict, and may be used by attackers. Further information is provided in VulDB entries at https://vuldb.com/?ctiid.298513, https://vuldb.com/?id.298513, and https://vuldb.com/?submit.506038.
Details
- CWE(s)