CVE-2025-1893
Published: 04 March 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2025-1893 is a denial-of-service vulnerability affecting Open5GS versions up to 2.7.2. The issue resides in the gmm_state_authentication function within the file src/amf/gmm-sm.c of the AMF component. Manipulation of this function leads to a crash. The vulnerability has a CVSS v3.1 base score of 4.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) and is associated with CWE-404.
The vulnerability can be exploited remotely by an attacker with low privileges. A single user equipment (UE) can trigger the denial of service, crashing the AMF and causing a complete loss of mobility and session management services. The result is a network-wide outage: all registered UEs lose connectivity and new registrations are blocked until the AMF is restarted. The operational availability impact is therefore high, even though the CVSS availability metric is rated Low.
Mitigation is available via the patch commit e31e9965f00d9c744a7f728497cb4f3e97744ee8 on the Open5GS GitHub repository. Advisories in the associated GitHub issues (e.g., #3707) confirm the fix and recommend applying the patch promptly. The exploit has been publicly disclosed and may be used in the wild.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The CVE describes a remote, low-privilege vulnerability that crashes the AMF service via crafted input in the authentication state machine, directly enabling Endpoint Denial of Service through Application or System Exploitation (T1499.004).