CVE-2025-57446
📋 TL;DR
A vulnerability in O-RAN Near Realtime RIC ric-plt-submgr allows remote attackers to cause denial of service via crafted requests to the Subscription Manager API. This affects systems running the J-Release environment of O-RAN Near Realtime RIC. The vulnerability enables attackers to disrupt service availability without authentication.
💻 Affected Systems
- O-RAN Near Realtime RIC ric-plt-submgr
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete service disruption of the Subscription Manager component, potentially cascading to affect overall O-RAN Near Realtime RIC functionality and impacting network operations.
Likely Case
Service degradation or temporary unavailability of the Subscription Manager API, affecting subscription management functions within the RIC environment.
If Mitigated
Limited impact with proper network segmentation and request filtering, potentially causing only minor service interruptions.
🎯 Exploit Status
The vulnerability appears to be remotely exploitable without authentication via crafted API requests. Public GitHub repository contains vulnerability research details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified
Vendor Advisory: https://lf-o-ran-sc.atlassian.net/browse/RIC-1073
Restart Required: No
Instructions:
1. Monitor the O-RAN SC Jira ticket RIC-1073 for official patches. 2. Apply vendor-provided patches when available. 3. Test in non-production environment first. 4. Deploy to production systems.
🔧 Temporary Workarounds
Network Access Control
linuxRestrict network access to the Subscription Manager API to trusted sources only
iptables -A INPUT -p tcp --dport [API_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [API_PORT] -j DROP
Request Rate Limiting
allImplement rate limiting on Subscription Manager API endpoints
# Configure rate limiting in web server or API gateway configuration
🧯 If You Can't Patch
- Implement strict network segmentation to isolate the Subscription Manager API from untrusted networks
- Deploy Web Application Firewall (WAF) with rules to detect and block crafted requests to the vulnerable API endpoints
🔍 How to Verify
Check if Vulnerable:
Check if system is running O-RAN Near Realtime RIC ric-plt-submgr in J-Release environment and has Subscription Manager API exposedCheck Version:
Check O-RAN Near Realtime RIC version documentation or deployment manifests for J-Release environment indicatorsVerify Fix Applied:
Monitor the O-RAN SC Jira ticket RIC-1073 for patch availability and apply when released, then test with crafted requests📡 Detection & Monitoring
Log Indicators:
- Unusual volume of requests to Subscription Manager API
- Requests with malformed or unexpected parameters to subscription endpoints
- Service restart or crash logs for ric-plt-submgr component
Network Indicators:
- High volume of requests to Subscription Manager API ports from single or multiple sources
- Unusual request patterns to API endpoints
SIEM Query:
source="ric-plt-submgr" AND (message="crash" OR message="restart" OR message="error") OR destination_port=[API_PORT] AND request_count > [THRESHOLD]