Cyber Resilience

CVE-2025-65805

High

Published: 07 January 2026

Modified: 29 January 2026
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0013 (31.5th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-65805 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Openairinterface Oai-Cn5G-Amf. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 31.5th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-65805 is a buffer overflow vulnerability (CWE-121) in the OpenAirInterface CN5G AMF component, affecting versions up to and including v2.1.9. The flaw occurs during processing of NAS messages, where insufficient bounds checking allows overly long inputs to overflow buffers. It carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), indicating high severity primarily due to availability impacts.

Unauthorized remote attackers can exploit this vulnerability by connecting to port N1 and sending a specially crafted NAS message containing an IMSI string longer than 1000 characters to the AMF. Successful exploitation enables a denial-of-service condition by crashing the service, with potential for remote code execution depending on the attacker's control over the overflow.

Mitigation details and further technical analysis are available in the vulnerability report at https://github.com/swallele/Vulnerability/blob/main/Openairinterface/Buffer_Overflow/Vulnerability_Report.md, published alongside the CVE on 2026-01-07.

Vulnerability details

OpenAirInterface CN5G AMF <= v2.1.9 has a buffer overflow vulnerability in processing NAS messages. Unauthorized remote attackers can launch a denial-of-service attack and potentially execute malicious code by accessing port N1 and sending an IMSI string longer than 1000 to the AMF.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 · Application or System Exploitation · Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

Why these techniques?

A remote buffer overflow in the public-facing AMF (NAS over N1) maps to T1190 exploitation and to T1499.004 application DoS (crash); RCE potential is noted but secondary.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-66786 · Same product: Openairinterface Oai-Cn5G-Amf
CVE-2026-30075 · Same product: Openairinterface Oai-Cn5G-Amf
CVE-2026-30078 · Same product: Openairinterface Oai-Cn5G-Amf
CVE-2026-30079 · Same product: Openairinterface Oai-Cn5G-Amf
CVE-2026-30080 · Same product: Openairinterface Oai-Cn5G-Amf
CVE-2026-30077 · Same vendor: Openairinterface
CVE-2024-43661 · Shared CWE-121
CVE-2025-70249 · Shared CWE-121
CVE-2025-70744 · Shared CWE-121
CVE-2025-50662 · Shared CWE-121

Affected Assets

openairinterface · oai-cn5g-amf · ≤ 2.1.9

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires identification, reporting, and correction of the buffer overflow flaw in AMF's NAS message processing to eliminate the vulnerability.

prevent

Mandates bounds checking and validation of NAS message inputs like IMSI strings longer than 1000 characters to prevent buffer overflows.

prevent

Provides memory safeguards such as stack canaries, ASLR, and DEP to block unauthorized code execution from the buffer overflow exploit.
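
The input-validation control described above (checking the IMSI length before the value reaches a fixed-size buffer), as an added C example; it is not code from the OAI AMF or from the vulnerability report. The function names and the 15-digit cap (the ITU-T E.212 maximum IMSI length) are assumptions of the example, and the input bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IMSI_MAX_DIGITS 15   /* assumption: ITU-T E.212 maximum IMSI length */

typedef enum { IMSI_OK = 0, IMSI_EMPTY, IMSI_TOO_LONG, IMSI_BAD_CHAR } imsi_status;

/* Hypothetical helper (not an OAI function): validate an IMSI field taken
 * from a decoded NAS message and copy it into a fixed-size buffer.
 * src is length-delimited and is not assumed to be NUL-terminated. */
imsi_status imsi_copy_checked(char dst[IMSI_MAX_DIGITS + 1],
                              const unsigned char *src, size_t src_len)
{
    dst[0] = '\0';                        /* dst is a valid string on every path */
    if (src == NULL || src_len == 0)
        return IMSI_EMPTY;
    if (src_len > IMSI_MAX_DIGITS)        /* length check happens before any copy */
        return IMSI_TOO_LONG;
    for (size_t i = 0; i < src_len; i++)
        if (src[i] < '0' || src[i] > '9')
            return IMSI_BAD_CHAR;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return IMSI_OK;
}

/* Constructed input: n bytes of `fill`, standing in for a received field. */
imsi_status check_constructed(size_t n, unsigned char fill)
{
    static unsigned char field[2048];
    char imsi[IMSI_MAX_DIGITS + 1];
    if (n > sizeof field)
        n = sizeof field;
    memset(field, fill, n);
    return imsi_copy_checked(imsi, field, n);
}

int main(void)
{
    printf("15 digits   -> %d\n", (int)check_constructed(15, '1'));
    printf("1001 digits -> %d\n", (int)check_constructed(1001, '1'));
    printf("non-digit   -> %d\n", (int)check_constructed(10, 'A'));
    return 0;
}
```

Rejecting on the declared field length, rather than truncating, also gives the AMF a clean point at which to log and drop the malformed message.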
