CVE-2025-5935
Published: 10 June 2025
Summary
CVE-2025-5935 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 5.5 (Medium).
Operationally, ranked in the top 21.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
A vulnerability identified as CVE-2025-5935 exists in Open5GS versions up to 2.7.3 within the AMF/MME component. Specifically, the common_register_state function in src/mme/emm-sm.c is affected by improper handling of the ran_ue_id argument, which can trigger a denial of service. The flaw is tracked under CWE-404 and carries a CVSS 4.0 score of 5.5 reflecting network-accessible impact limited to availability.
Remote attackers can exploit the issue without authentication or user interaction by sending crafted input that manipulates the ran_ue_id value, resulting in service disruption to the affected mobile core functions. Public disclosure of an exploit has occurred, although the EPSS score remains flat at 0.0115 with no material increase observed.
The project maintainers have published a patch under commit 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5 that addresses the root cause. Security advisories and the associated GitHub issue recommend applying this update promptly to eliminate the denial-of-service condition.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-17627
Vulnerability details
A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial…
more
of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.
Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.
Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.
Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.