Primary

Context

Open5GS MME Assertion Failure Vulnerability in S1AP Interface Allowing Denial-of-Service

Vulnerability

A denial-of-service vulnerability has been identified in Open5GS MME versions through 2.6.4. The issue arises from an assertion failure that can be remotely triggered by sending a malformed ASN.1 packet over the S1AP interface. Specifically, an attacker can exploit this vulnerability by sending a 'UE Context Release Request' message that omits the required 'MME_UE_S1AP_ID' field. This exploitation causes the MME to crash, disrupting service.

Impact

Exploitation of this vulnerability leads to a persistent crash of the Mobility Management Entity (MME), causing a city-wide disruption of all cellular communications, including phone calls, messaging, and data services.

Reproduction

The vulnerability can be reproduced by sending a 'UE Context Release Request' S1AP packet that lacks the 'MME_UE_S1AP_ID' field. This can be done by an unauthenticated user over the network, without the need for a SIM card or special equipment.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

9.1

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Open5GS MME Assertion Failure Vulnerability in S1AP Interface Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

Open5GS MME

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating