CVE-2025-41068

Name of the Vulnerable Software and Affected Versions Open5GS versions up to 2.7.5

Description A reachable assertion issue in Open5GS up to version 2.7.5 can lead to a denial of service. An attacker with network access to the Network Repository Function (NRF) can exploit this by sending a Network Function (NF) creation request with an invalid type through the Service-based Interface (SBI). Subsequently, requesting data for this NF causes a process check within the NRF to fail, resulting in a crash and rendering the discovery service unavailable. The SBI is an API used for communication between network functions. The NRF is responsible for managing and discovering network functions.

Recommendations Update Open5GS to a version newer than 2.7.5.