CVE-2025-8804

10.08.2025, 10:15

A vulnerability has been found in Open5GS up to 2.7.5 and classified as problematic. Affected by this vulnerability is the function ngap_build_downlink_nas_transport of the component AMF. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The identifier of the patch is bca0a7b6e01d254f4223b83831162566d4626428. It is recommended to upgrade the affected component.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Common Weakness Enumeration

CWE-617 - Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

References

https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428

https://github.com/open5gs/open5gs/issues/3950

https://github.com/open5gs/open5gs/issues/3950#issuecomment-3034693457

https://github.com/open5gs/open5gs/releases/tag/v2.7.6

https://github.com/user-attachments/files/21030801/newdata_for_ngap.zip

https://vuldb.com/?ctiid.319333

https://vuldb.com/?id.319333

https://vuldb.com/?submit.626124