CVE-2025-1893

Name of the Vulnerable Software and Affected Versions Open5GS versions up to 2.7.2

Description A denial of service issue has been found in the gmm state authentication function of the file src/amf/gmm-sm.c in the component AMF. This issue can be exploited remotely, leading to a network-wide outage, causing all registered UEs to lose connectivity, and blocking new registrations until the AMF is restarted. The exploit has been disclosed to the public and may be used.

Recommendations To fix this issue, apply the patch named e31e9965f00d9c744a7f728497cb4f3e97744ee8 to the affected Open5GS version. As a temporary workaround, consider restricting access to the gmm state authentication function until a patch is available.