Primary

Context

O-RAN Near Realtime RIC I-Release Connection Disruption Vulnerability

Vulnerability

A resource exhaustion vulnerability has been identified in O-RAN Near Realtime RIC I-Release. This issue arises when an attacker floods the system with a high volume of subscription requests from an xApp, disrupting the initial connection between a gNB and the Near RT-RIC.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the e2mgr component to crash.

Reproduction

To reproduce this vulnerability, send a large number of E2 Subscription Requests from an xApp to the Near RT-RIC component. This influx of requests will disrupt the connection process between the gNB and the RIC.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.6

remediation

0.0

relevance

0.0

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

5.6

remediation

0.0

relevance

0.0

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

O-RAN Near Realtime RIC I-Release Connection Disruption Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating