How the CVE Works
The vulnerability in Open5GS (up to v2.7.3) resides in the NGAP PathSwitchRequest message handler (`src/smf/ngap-handler.c`). The function `ngap_handle_path_switch_request_transfer` contains a reachable assertion flaw. When processing a maliciously crafted PathSwitchRequest message, an attacker can trigger an assertion failure remotely, leading to a denial of service (DoS) condition. The exploit leverages improper validation in the message handler, allowing an unauthenticated attacker to crash the service via network traffic.
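The bug class described above, shown as an added example that is not Open5GS source code: a handler that asserts on peer-controlled decoded fields next to one that rejects the message instead. The struct layout, function names and the specific conditions checked are assumptions made for illustration and are not the conditions in the actual fix.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified types: not Open5GS source. */
enum tnl_choice { TNL_NOTHING = 0, TNL_GTP_TUNNEL = 1 };
struct gtp_tunnel { uint32_t teid; uint8_t addr[16]; size_t addr_len; };

/* Stand-in for a decoded transfer message: every field is peer-controlled. */
struct psr_transfer {
    enum tnl_choice present;
    const struct gtp_tunnel *gtp;   /* NULL when the peer omitted it */
};

enum psr_result { PSR_OK = 0, PSR_REJECT = -1 };

/* Vulnerable pattern: assert() on decoded input. A malformed message aborts
 * the whole process, so a single message takes the network function down. */
int handle_transfer_asserting(const struct psr_transfer *m, uint32_t *teid_out)
{
    assert(m->present == TNL_GTP_TUNNEL);
    assert(m->gtp != NULL);
    assert(m->gtp->addr_len == 4 || m->gtp->addr_len == 16);
    *teid_out = m->gtp->teid;
    return PSR_OK;
}

/* Hardened pattern: the same conditions become a per-message rejection. */
int handle_transfer_checked(const struct psr_transfer *m, uint32_t *teid_out)
{
    if (m == NULL || teid_out == NULL)
        return PSR_REJECT;
    if (m->present != TNL_GTP_TUNNEL || m->gtp == NULL)
        return PSR_REJECT;
    if (m->gtp->addr_len != 4 && m->gtp->addr_len != 16)
        return PSR_REJECT;
    *teid_out = m->gtp->teid;
    return PSR_OK;
}

int main(void)
{
    uint32_t teid = 0;
    struct psr_transfer missing = { TNL_GTP_TUNNEL, NULL }; /* constructed malformed input */
    printf("checked handler result: %d\n", handle_transfer_checked(&missing, &teid));
    return 0;
}
```

When reviewing a message handler, every assertion whose condition depends on a decoded field is a candidate for this conversion; assertions should be reserved for internal invariants the peer cannot influence.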
DailyCVE Form
Platform: Open5GS
Version: ≤ 2.7.3
Vulnerability: Reachable assertion
Severity: Medium
Date: 2025-06-03
Prediction: Patch by 2025-07-15
What Undercode Say
```bash
git clone https://github.com/open5gs/open5gs
cd open5gs
git checkout 2daa44adab762c47a8cef69cc984946973a845b3  # Patch commit
```
How Exploit
```python
import socket
crafted_packet = b"\x00\x01\x02..."  # Malicious NGAP PathSwitchRequest
sock.sendto(crafted_packet, ("target_ip", 38412))
```
Protection from this CVE
- Apply patch 2daa44adab762c47a8cef69cc984946973a845b3.
- Update to Open5GS > 2.7.3.
- Filter untrusted NGAP traffic.
Impact
- DoS via service crash.
- Disrupts cellular core network functionality.
Sources:
Reported By: nvd.nist.gov