Primary

Context

Open5GS Reachable Assertion Vulnerability in NRF Component Allowing Denial-of-Service

Vulnerability

Patched

A reachable assertion vulnerability has been identified in Open5GS versions prior to 2.7.5. This vulnerability allows attackers with connectivity to the Network Repository Function (NRF) to cause a denial-of-service condition. The issue arises when an SBI request is made to delete the NRF's own registry, triggering a process check that crashes the NRF process and disrupts the discovery service.

Impact

Exploitation of this vulnerability leads to a crash of the NRF process, causing the discovery service to become unresponsive and unavailable.

Remediation

Users can upgrade to Open5GS version 2.7.5 to address this vulnerability.

Added: Oct 27, 2025, 1:18 PM

Updated: Oct 27, 2025, 1:28 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.8

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Open5GS Reachable Assertion Vulnerability in NRF Component Allowing Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

Open5GS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating