Open5GS AMF/MME emm-sm.c common_register_state denial of service

June 10, 2025 invoker category_cve

CVE Details

Basic Information

Title Open5GS AMF/MME emm-sm.c common_register_state denial of service
Type cve
Published 2025-06-10T04:33:57.358Z
Last Seen

Product Information

Vendor n/a
Product Open5GS
Version 2.7.0

CVSS Information

Base Score 6.9 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A vulnerability in Open5GS up to version 2.7.3 allows remote attackers to cause a denial of service by manipulating the ran_ue_id argument in the common_register_state function of the AMF/MME component. The issue has been patched in commit 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5.
AI Severity Medium
Vendor Open5GS
Product Open5GS
Affected Version 2.7.0, 2.7.1, 2.7.2, 2.7.3

Affected Products

  • n/a Open5GS 2.7.0
  • n/a Open5GS 2.7.1
  • n/a Open5GS 2.7.2
  • n/a Open5GS 2.7.3

Additional Information

CVE List
CWE List CWE-404
Bulletin Family

Description

A vulnerability was found in Open5GS up to 2.7.3. It has been declared as problematic. Affected by this vulnerability is the function common_register_state of the file src/mme/emm-sm.c of the component AMF/MME. The manipulation of the argument ran_ue_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 62cb99755243c9c38e4c060c5d8d0e158fe8cdd5. It is recommended to apply a patch to fix this issue.

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.