CVE-2025-8805 MEDIUM

CVE-2025-8805: Open5GS SMF gsm-sm.c smf_gsm_state_wait_pfcp_deletion denial of service

Vendor N/A
Product Open5GS
Weakness CWE-404
Published August 10, 2025
Last update August 15, 2025

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The patch is identified as c58b8f081986aaf2a312d73a0a17985518b47fe6. It is recommended to upgrade the affected component.

Key dates

02Disclosure timeline

August 10, 2025 CVE published
August 15, 2025 Record updated