CVE-2025-7485

MEDIUM EPSS 9.8%
Published Jul 12, 202511mo ago · Modified Jun 17, 20261w ago
4.8 CVSS 4.0
Medium
Find Similar
Published Jul 12, 2025 11mo ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue.

CVSS Details

Base Score
4.8
Exploitability
Impact
Vector string
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
9.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-617

Affected Products 1

VendorProductVersionRange
open5gsopen5gs* <2.7.6

References 6

  • github.com https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d
    Patch
  • github.com https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136
    Issue Tracking
  • github.com https://github.com/open5gs/open5gs/issues/3878/
    ExploitIssue TrackingThird Party Advisory
  • vuldb.com https://vuldb.com/?ctiid.316135
    Permissions RequiredThird Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/?id.316135
    Third Party AdvisoryVDB Entry
  • vuldb.com https://vuldb.com/?submit.610601
    Third Party AdvisoryVDB Entry

Remediation

  • github.com https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d
    Patch