PT-2025-43948 · Open5Gs · Open5Gs
Published
2025-10-27
·
Updated
2025-10-28
·
CVE-2025-41067
CVSS v4.0
8.7
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L |
Name of the Vulnerable Software and Affected Versions
Open5GS versions up to 2.7.5
Description
A flaw exists in Open5GS that allows for a denial of service. An attacker with network access to the Network Repository Function (NRF) can send a specific SBI request designed to delete the NRF’s own registry. This action triggers a check that results in the NRF process crashing, making the discovery service unavailable.
Recommendations
Update Open5GS to a version newer than 2.7.5.
Fix
DoS
Assertion Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open5Gs