Primary

Context

Open5GS Reachable Assertion Vulnerability in NRF Component Leading to Denial-of-Service

Vulnerability

Patched

A reachable assertion vulnerability has been identified in Open5GS versions prior to 2.7.5. This vulnerability allows attackers with connectivity to the Network Repository Function (NRF) to cause a denial-of-service condition. Exploitation involves sending a creation request for a Network Function (NF) with an invalid type via the Service-Based Interface (SBI), followed by a request for the NF's data. The NRF's process crashes while performing a validity check, causing the discovery service to become unresponsive.

Impact

Exploitation of this vulnerability leads to a crash of the NRF process, causing the discovery service to become unresponsive.

Remediation

Users can upgrade to Open5GS version 2.7.5 to address this vulnerability.

Added: Oct 27, 2025, 1:18 PM

Updated: Oct 27, 2025, 1:27 PM

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.4

impact

2.5

exploitability

7.0

remediation

7.7

relevance

0.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Open5GS Reachable Assertion Vulnerability in NRF Component Leading to Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

Open5GS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating