Cyber Resilience

CVE-2025-5935

Medium · Public PoC

Published: 10 June 2025

Modified: 25 August 2025
CVSS Score v4: 5.5
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0115 (79.0th percentile)
Risk Priority: 12 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-5935 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Open5GS. Its CVSS base score is 5.5 (Medium).

Operationally, it is ranked in the top 21.0% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

A vulnerability identified as CVE-2025-5935 exists in Open5GS versions up to 2.7.3 within the AMF/MME component. Specifically, the common_register_state function in src/mme/emm-sm.c is affected by improper handling of the ran_ue_id argument, which can trigger a denial of service. The flaw is tracked under CWE-404 and carries a CVSS 4.0 score of 5.5 reflecting network-accessible impact limited to availability.

Remote attackers can exploit the issue without authentication or user interaction by sending crafted input that manipulates the ran_ue_id value, resulting in service disruption to the affected mobile core functions. Public disclosure of an exploit has occurred, although the EPSS score remains flat at 0.0115 with no material increase observed.

The project maintainers have published a patch under commit 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5 that addresses the root cause. Security advisories and the associated GitHub issue recommend applying this update promptly to eliminate the denial-of-service condition.

Vulnerability details

A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

open5gs / open5gs, versions ≤ 2.7.6

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-404

Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.

addresses: CWE-404

Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.

addresses: CWE-404

Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.

addresses: CWE-404

Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.
