CVE-2025-5935

Name of the Vulnerable Software and Affected Versions Open5GS versions up to 2.7.3

Description A vulnerability was found in the function common register state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran ue id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations To fix this issue, it is recommended to apply a patch to the affected versions of Open5GS. For Open5GS versions up to 2.7.3, apply the patch with the identifier 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. As a temporary workaround, consider disabling the common register state function until a patch is available. Restrict access to the vulnerable component AMF/MME to minimize the risk of exploitation. Avoid using the argument ran ue id in the affected function until the issue is resolved.