Cyber Posture

CVE-2025-65805

High

Published: 07 January 2026

Modified: 29 January 2026
KEV Added:
Patch:
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0019 (40.2th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-65805 is a high-severity stack-based buffer overflow (CWE-121) in OpenAirInterface oai-cn5g-amf. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 40.2th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique.

Threat & Defense Details

MITRE ATT&CK Enterprise Techniques (AI)

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 Application or System Exploitation (Impact)
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A remotely reachable buffer overflow in the public-facing AMF (NAS over N1) maps to T1190 for exploitation and to T1499.004 for the application-level denial of service caused by the crash. The potential for remote code execution is noted but secondary.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenAirInterface CN5G AMF <= v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an imsi string longer than 1000 to AMF.

Deeper analysis (AI)

CVE-2025-65805 is a buffer overflow vulnerability (CWE-121) in the OpenAirInterface CN5G AMF component, affecting versions up to and including v2.1.9. The flaw occurs during processing of NAS messages, where insufficient bounds checking allows overly long inputs to overflow buffers. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impacts.

Unauthorized remote attackers can exploit this vulnerability by connecting to port N1 and sending a specially crafted NAS message containing an IMSI string longer than 1000 characters to the AMF. Successful exploitation enables a denial-of-service condition by crashing the service, with potential for remote code execution depending on the attacker's control over the overflow.

Mitigation details and further technical analysis are available in the vulnerability report at https://github.com/swallele/Vulnerability/blob/main/Openairinterface/Buffer_Overflow/Vulnerability_Report.md, published alongside the CVE on 2026-01-07.

Details

CWE(s)

Affected Products

Vendor: openairinterface
Product: oai-cn5g-amf
Affected versions: ≤ 2.1.9

CVEs Like This One

CVE-2025-66786: same product (OpenAirInterface oai-cn5g-amf)
CVE-2026-30078: same product (OpenAirInterface oai-cn5g-amf)
CVE-2026-30075: same product (OpenAirInterface oai-cn5g-amf)
CVE-2026-30079: same product (OpenAirInterface oai-cn5g-amf)
CVE-2026-30080: same product (OpenAirInterface oai-cn5g-amf)
CVE-2026-30077: same vendor (OpenAirInterface)
CVE-2025-60690: shared CWE-121
CVE-2025-70651: shared CWE-121
CVE-2026-33307: shared CWE-121
CVE-2025-70746: shared CWE-121
