CVE-2025-1893: Open5GS UDM Subscriber Data Management gmm-sm.c gmm_state_authentication denial of service
Description
A vulnerability was found in Open5GS up to 2.7.2. It has been declared as problematic. Affected by this vulnerability is the function gmm_state_authentication of the file src/amf/gmm-sm.c of the component UDM Subscriber Data Management. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named e31e9965f00d9c744a7f728497cb4f3e97744ee8. It is recommended to apply a patch to fix this issue. In Open5GS bis 2.7.2 wurde eine problematische Schwachstelle ausgemacht. Das betrifft die Funktion gmm_state_authentication der Datei src/amf/gmm-sm.c der Komponente UDM Subscriber Data Management. Durch die Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Der Exploit steht zur öffentlichen Verfügung. Der Patch wird als e31e9965f00d9c744a7f728497cb4f3e97744ee8 bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.
Classification
CVE ID: CVE-2025-1893
CVSS Base Severity: MEDIUM
CVSS Base Score: 5.3
CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Problem Types
Denial of ServiceAffected Products
Vendor: n/a
Product: Open5GS
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.18% (probability of being exploited)
EPSS Percentile: 36.1% (scored less or equal to compared to others)
EPSS Date: 2025-04-01 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-1893https://vuldb.com/?id.298411
https://vuldb.com/?ctiid.298411
https://vuldb.com/?submit.505952
https://github.com/open5gs/open5gs/issues/3707
https://github.com/open5gs/open5gs/issues/3707#issuecomment-2639620554
https://github.com/open5gs/open5gs/issues/3707#issue-2833194192
https://github.com/open5gs/open5gs/commit/e31e9965f00d9c744a7f728497cb4f3e97744ee8