CVE-2025-55904

CVSS v3.1

4.0

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615

Description Open5GS is susceptible to a NULL pointer dereference when processing a multipart/related HTTP POST request with an empty HTTP body sent to the SBI of AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, or UDR. This issue occurs within the parse multipart function located in lib/sbi/message.c and can lead to a denial of service.

Recommendations Update Open5GS to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615 or a later version.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

CVE-2025-55904

Affected Products

Open5Gs

CVE-2025-55904

Weakness Enumeration

Related Identifiers

Affected Products

References · 6