CVE-2025-52288

7.5 HIGH

📋 TL;DR

This vulnerability in Open5GS allows attackers to cause denial of service by triggering an assertion failure through repeated UE connect/disconnect message sequences. The AMF component crashes when processing malformed NGAP messages, potentially disrupting 5G core network services. Systems running vulnerable Open5GS versions are affected.

💻 Affected Systems

Products:
  • Open5GS
Versions: All versions through 2.7.5
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments using the AMF component. Requires NGAP interface access.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete AMF service disruption leading to widespread 5G network outage, preventing user equipment from connecting to the network.

🟠 Likely Case

Targeted denial of service against specific AMF instances, causing service interruptions for affected network segments.

🟢 If Mitigated

Limited impact with proper network segmentation and monitoring, potentially causing only temporary service degradation.

🌐 Internet-Facing: MEDIUM - Requires access to NGAP interface which may be exposed in some deployments, but typically behind network controls.
🏢 Internal Only: HIGH - Internal attackers or compromised network elements can easily exploit this vulnerability to disrupt core network functions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending repeated UE connect/disconnect messages to trigger the assertion failure. No authentication is needed for NGAP messages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after commit 5467da9763c300520f56bfbe0a7f5a7f980ec2f6

Vendor Advisory: https://github.com/open5gs/open5gs/issues/3862

Restart Required: Yes

Instructions:

1. Update Open5GS to latest version or apply commit 5467da9763c300520f56bfbe0a7f5a7f980ec2f6
2. Rebuild from source if using source installation
3. Restart AMF service
4. Verify fix by checking version

🔧 Temporary Workarounds

Rate Limiting NGAP Messages

linux

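Implement rate limiting on the NGAP interface to prevent rapid connect/disconnect sequences

# Use iptables (or an equivalent nftables rule) to rate limit SCTP traffic to NGAP port 38412.
# The limit match counts packets, not connections, and applies to all sources combined,
# so tune the rate to normal gNB traffic before enabling the DROP rule.
iptables -A INPUT -p sctp --dport 38412 -m limit --limit 10/min --limit-burst 20 -j ACCEPT
iptables -A INPUT -p sctp --dport 38412 -j DROP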

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to NGAP interface (port 38412/SCTP)
  • Deploy intrusion detection systems to monitor for abnormal UE connection patterns

🔍 How to Verify

Check if Vulnerable:

Check the Open5GS version with open5gs-amfd -v. If the version is 2.7.5 or earlier, the system is vulnerable.

Check Version:

open5gs-amfd -v

Verify Fix Applied:

Verify that the version is later than 2.7.5, or check that commit 5467da9763c300520f56bfbe0a7f5a7f980ec2f6 is applied in the source build.

📡 Detection & Monitoring

Log Indicators:

  • AMF assertion failures in logs
  • Repeated UE connection/disconnection events in short timeframes
  • AMF process crashes or restarts

Network Indicators:

  • High volume of NGAP Initial UE Message and UE Context Release Complete messages
  • Abnormal SCTP traffic patterns on port 38412

SIEM Query:

source="open5gs.log" AND ("assertion failure" OR "ngap_build_downlink_nas_transport" OR "AMF crash")
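
The log indicators above, as an added example that is not part of the original advisory or of Open5GS: a Python scan that flags lines containing the SIEM query's terms and raises an alert when connect/release events reach a threshold inside a sliding time window. The log line layout, the event marker strings, the window and the threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Terms from the page's SIEM query, matched case-insensitively.
CRASH_TERMS = ("assertion failure", "ngap_build_downlink_nas_transport", "amf crash")
# Assumed event markers and timestamp layout; adapt both to what your AMF build logs.
CHURN_RE = re.compile(r"InitialUEMessage|UEContextReleaseComplete")
TS_RE = re.compile(r"^(\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}): ")

def scan(lines, window=timedelta(seconds=10), threshold=6, year=2025):
    """Return (crash_hits, churn_alerts): line numbers matching a crash term, and
    (line number, event count) pairs where churn events in the window hit the threshold."""
    crash_hits, churn_alerts, recent = [], [], deque()
    for n, line in enumerate(lines, 1):
        if any(term in line.lower() for term in CRASH_TERMS):
            crash_hits.append(n)
        m = TS_RE.match(line)
        if not m or not CHURN_RE.search(line):
            continue
        # The assumed timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d %H:%M:%S.%f")
        recent.append(ts)
        while ts - recent[0] > window:  # drop events that fell out of the window
            recent.popleft()
        if len(recent) >= threshold:
            churn_alerts.append((n, len(recent)))
    return crash_hits, churn_alerts

def sample_log():
    """Constructed sample (not captured from a real AMF): baseline, burst, crash line."""
    lines = ["10/24 09:00:00.000: [amf] INFO: InitialUEMessage",
             "10/24 09:05:00.000: [amf] INFO: UEContextReleaseComplete"]
    for i in range(4):
        lines.append(f"10/24 09:10:0{i}.100: [amf] INFO: InitialUEMessage")
        lines.append(f"10/24 09:10:0{i}.600: [amf] INFO: UEContextReleaseComplete")
    lines.append("10/24 09:10:04.000: [amf] FATAL: "
                 "ngap_build_downlink_nas_transport: assertion failure")
    return lines

if __name__ == "__main__":
    crashes, churn = scan(sample_log())
    print("crash-term lines:", crashes)
    print("churn alerts (line, events in window):", churn)
```

Set the window and threshold from a baseline of normal registration traffic, since a busy gNB produces legitimate bursts.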
