CVE-2025-1925

Name of the Vulnerable Software and Affected Versions Open5GS versions up to 2.7.2

Description A vulnerability was found in the function amf nsmf pdusession handle update sm context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. This issue allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact.

Recommendations To resolve the issue, apply a patch to fix this problem. As a temporary workaround, consider restricting access to the vulnerable function amf nsmf pdusession handle update sm context until a patch is available.