How the CVE Works
The vulnerability in Open5GS (up to v2.7.2) resides in the `amf_nsmf_pdusession_handle_update_sm_context` function within `src/amf/nsmf-handler.c`. A remote attacker can exploit this flaw by sending a maliciously crafted PDU session update request to the AMF (Access and Mobility Management Function). This triggers a NULL pointer dereference or infinite loop, crashing the AMF process. As the AMF is critical for mobility and session management, its failure disrupts all connected UEs (User Equipment), blocking new registrations until manual restart. The attack requires no authentication and can be executed via standard 5G signaling interfaces (e.g., N11/Namf).
DailyCVE Form
Platform: Open5GS
Version: ≤ 2.7.2
Vulnerability: AMF DoS
Severity: Medium
Date: 06/23/2025
Prediction: Patch by 08/2025
What Undercode Say
Analytics:
grep -r "amf_nsmf_pdusession_handle_update_sm_context" src/amf/
curl -X POST "amf.example.org/nsmf-pdu-session-update" --data malicious_payload
Exploit:
- Crafted PDU session update request.
- No auth required.
- Triggers AMF crash.
Protection from this CVE:
- Patch to v2.7.3+.
- AMF process isolation.
- Rate-limit N11/Namf traffic.
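To act on the "Patch to v2.7.3+" item across a fleet, the version strings reported by packages or builds have to be triaged against the affected range. The script below is an added example, not Open5GS or DailyCVE code; the function names and the `verify` category for builds past the 2.7.2 tag are assumptions of this example, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not Open5GS or DailyCVE code. Bounds are the ones this page states.
LAST_AFFECTED="2.7.2"   # page: "Version: <= 2.7.2"
FIRST_FIXED="2.7.3"     # page: "Patch to v2.7.3+"

# version_cmp A B: prints -1, 0 or 1 for two MAJOR.MINOR.PATCH strings.
version_cmp() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # $1..$3 = fields of A, $4..$6 = fields of B
    IFS=$old_ifs
    for i in 1 2 3; do
        if [ "$1" -lt "$4" ]; then echo -1; return 0; fi
        if [ "$1" -gt "$4" ]; then echo 1; return 0; fi
        shift               # slides both field lists forward by one
    done
    echo 0
}

# classify_open5gs_version VERSION: prints affected | fixed | verify | unknown.
classify_open5gs_version() {
    v=${1#v}                # accept "v2.7.2" and "2.7.2"
    core=${v%%[-+~]*}       # drop a build suffix such as "-14-gabc1234"
    suffix=${v#"$core"}
    case $core in           # require exactly three dot-separated numeric fields
        *[!0-9.]*|*..*|.*|*.) echo unknown; return 0 ;;
        *.*.*.*)              echo unknown; return 0 ;;
        *.*.*)                ;;
        *)                    echo unknown; return 0 ;;
    esac
    if [ "$(version_cmp "$core" "$FIRST_FIXED")" -ge 0 ]; then
        echo fixed
    elif [ -n "$suffix" ] && [ "$(version_cmp "$core" "$LAST_AFFECTED")" -eq 0 ]; then
        # Built from commits after the last affected tag: the fix may or may
        # not be included, so the build needs a manual check.
        echo verify
    else
        echo affected
    fi
}

# Constructed sample inputs: release tags, a git-describe build, a malformed value.
for sample in v2.7.2 2.7.2-14-gabc1234 2.7.3 2.7.10 2.6.6 2.7; do
    printf '%-20s %s\n' "$sample" "$(classify_open5gs_version "$sample")"
done
```

Fields are compared numerically, so 2.7.10 sorts after 2.7.3 rather than before it as a plain string comparison would.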
Impact:
- Network-wide outage.
- UE connectivity loss.
- Service disruption.
Sources:
Reported By: nvd.nist.gov