CVE-2025-5520

medium

Description

A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 9f5d133657850e6167231527514ee1364d37a884. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893.

References

https://vuldb.com/?submit.582269

https://vuldb.com/?id.310956

https://github.com/user-attachments/files/20362243/Problematic.handover.required.process.zip

https://vuldb.com/?ctiid.310956

https://github.com/open5gs/open5gs/issues/3910#issuecomment-2926719317

https://github.com/open5gs/open5gs/issues/3910

https://github.com/open5gs/open5gs/commit/9f5d133657850e6167231527514ee1364d37a884

Details

Source: Mitre, NVD

Published: 2025-06-03

Updated: 2025-06-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity: Medium

CVSS v4

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00094