CVE-2025-6952

Open5GS AMF Service amf-sm.c amf_state_operational assertion

CVSS 4.8 MEDIUMEPSS 0.2%CWE-617

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Lifecycle

01 Jul 2025Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability, which was classified as problematic, has been found in Open5GS up to 2.7.5. This issue affects the function amf_state_operational of the file src/amf/amf-sm.c of the component AMF Service. The manipulation leads to reachable assertion. It is possible to launch the attack on the local host. The identifier of the patch is 53e9e059ed96b940f7ddcd9a2b68cb512524d5db. It is recommended to apply a patch to fix this issue.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

Affected products

n/a · Open5GS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/open5gs/open5gs/commit/53e9e059ed96b940f7ddcd9a2b68cb512524d5db https://github.com/open5gs/open5gs/issues/3938 https://github.com/open5gs/open5gs/issues/3938#issuecomment-3012139813 https://vuldb.com/?ctiid.314489 https://vuldb.com/?id.314489 https://vuldb.com/?submit.605312