CVE-2025-8802

5.3 MEDIUM

📋 TL;DR

A denial-of-service vulnerability in the Open5GS SMF component allows remote attackers to crash the service by manipulating stream arguments handled in the smf_state_operational function. It affects all Open5GS deployments up to and including version 2.7.5 that expose the SMF service to untrusted networks, and it is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • Open5GS
Versions: All versions up to and including 2.7.5
Operating Systems: Linux, BSD, Other Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments with SMF component enabled and exposed to untrusted networks.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete SMF service outage leading to 5G core network disruption, preventing subscriber authentication and session management.

🟠 Likely Case

SMF service crash requiring manual restart, causing temporary service interruption for affected subscribers.

🟢 If Mitigated

Limited impact when network segmentation restricts which hosts can reach the SMF and monitoring allows quick detection and recovery.

🌐 Internet-Facing: HIGH - Attack can be initiated remotely without authentication, making internet-facing deployments particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this to disrupt 5G core services.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code has been publicly disclosed in GitHub repositories and attachments, making exploitation straightforward for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.7.6

Vendor Advisory: https://github.com/open5gs/open5gs/releases/tag/v2.7.6

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Stop Open5GS services.
3. Upgrade to Open5GS v2.7.6 using the package manager or source compilation.
4. Apply patch f168f7586a4fa536cee95ae60ac437d997f15b97 if compiling from source.
5. Restart Open5GS services.

🔧 Temporary Workarounds

Network Segmentation

Linux

Restrict access to the SMF service ports (typically 8805/udp for PFCP) to trusted networks only. Replace trusted_network with the trusted source address or CIDR, and keep the ACCEPT rule ahead of the DROP rule: iptables evaluates the INPUT chain in order and -A appends each rule at the end.

iptables -A INPUT -p udp --dport 8805 -s trusted_network -j ACCEPT
iptables -A INPUT -p udp --dport 8805 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit SMF exposure to only necessary 5G core components
  • Deploy monitoring and alerting for SMF service crashes with automated restart capabilities

🔍 How to Verify

Check if Vulnerable:

Run open5gs-smfd --version; a reported version of 2.7.5 or earlier is vulnerable.

Check Version:

open5gs-smfd --version

Verify Fix Applied:

After upgrading, verify that the reported version is 2.7.6 or higher and, for source builds, that commit f168f7586a4fa536cee95ae60ac437d997f15b97 is present in the git log.
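The two checks above as one script. This is an added example, not part of the advisory or of the Open5GS project: it assumes open5gs-smfd --version prints a dotted version somewhere in its output (the exact format is not documented here), and that OPEN5GS_SRC, a hypothetical environment variable, points at the git checkout used for a source build when one exists.

```shell
#!/bin/sh
# Added example (not from the advisory or Open5GS): report whether an installed
# open5gs-smfd is at a fixed version for CVE-2025-8802 and, for source builds,
# whether the fix commit is an ancestor of the built revision.

FIXED_VERSION="2.7.6"
FIX_COMMIT="f168f7586a4fa536cee95ae60ac437d997f15b97"

# version_ge A B: exit 0 when dotted version A >= B (numeric, any field count).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            ai = (i <= na) ? x[i] + 0 : 0;
            bi = (i <= nb) ? y[i] + 0 : 0;
            if (ai > bi) exit 0;
            if (ai < bi) exit 1;
        }
        exit 0;
    }'
}

# smf_version_from_output TEXT: first dotted version found in TEXT (empty if none).
# Assumption: the daemon prints its version as X.Y.Z somewhere in --version output.
smf_version_from_output() {
    printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n1
}

# smf_is_fixed VERSION: exit 0 when VERSION is 2.7.6 or later.
smf_is_fixed() {
    version_ge "$1" "$FIXED_VERSION"
}

# fix_commit_present DIR: exit 0 when the fix commit is reachable from HEAD in DIR.
fix_commit_present() {
    git -C "$1" merge-base --is-ancestor "$FIX_COMMIT" HEAD 2>/dev/null
}

# check_deployment: run both checks against the local host; exit 1 if vulnerable.
check_deployment() {
    out=$(open5gs-smfd --version 2>&1) || true
    ver=$(smf_version_from_output "$out")
    if [ -z "$ver" ]; then
        echo "could not determine open5gs-smfd version from: $out"
        return 2
    fi
    if smf_is_fixed "$ver"; then
        echo "open5gs-smfd $ver: fixed version (>= $FIXED_VERSION)"
    else
        echo "open5gs-smfd $ver: VULNERABLE to CVE-2025-8802, upgrade to $FIXED_VERSION"
        return 1
    fi
    # OPEN5GS_SRC is a hypothetical variable naming the source checkout, if any.
    if [ -n "${OPEN5GS_SRC:-}" ]; then
        if fix_commit_present "$OPEN5GS_SRC"; then
            echo "fix commit $FIX_COMMIT is present in $OPEN5GS_SRC"
        else
            echo "fix commit $FIX_COMMIT NOT found in $OPEN5GS_SRC"
            return 1
        fi
    fi
}

# Only run the live check when invoked as: sh check_smf_fix.sh --check
case "${1:-}" in
    --check) check_deployment ;;
esac
```

The version comparison is numeric per field, so 2.7.10 correctly sorts above 2.7.6; a plain string comparison would not. The commit test uses git merge-base --is-ancestor rather than grepping git log output, so it also succeeds when the fix arrived through a merge.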

📡 Detection & Monitoring

Log Indicators:

  • SMF service crash logs
  • Segmentation fault errors in smf-sm.c
  • Unexpected termination of open5gs-smfd process

Network Indicators:

  • Unusual PFCP traffic patterns to port 8805
  • Multiple connection attempts followed by service unavailability

SIEM Query:

process:name="open5gs-smfd" AND (event:type="crash" OR event:type="segfault")
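For hosts without a SIEM, the same crash indicators can be pulled from a syslog or journal export. The script below is an added example, not part of the advisory or of Open5GS: it counts signal-killed exits and kernel segfault lines for open5gs-smfd, reads systemd's restart counter to tell a single crash from a crash loop, and raises an alert at a configurable threshold. The sample lines are constructed for the example (systemd's "Main process exited" and "Scheduled restart job" wording is its real unit-failure format; hosts, PIDs, times and addresses are invented).

```shell
#!/bin/sh
# Added example (not from the advisory or Open5GS): detect repeated open5gs-smfd
# crashes in a syslog/journal export. Sample log lines are constructed.

SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Jan 14 10:02:11 smf1 kernel: open5gs-smfd[2231]: segfault at 0 ip 00005561a3c4e1f0 sp 00007ffd2a1b3c40 error 4 in open5gs-smfd[5561a3bf0000+90000]
Jan 14 10:02:11 smf1 systemd[1]: open5gs-smfd.service: Main process exited, code=killed, status=11/SEGV
Jan 14 10:02:11 smf1 systemd[1]: open5gs-smfd.service: Failed with result 'signal'.
Jan 14 10:02:16 smf1 systemd[1]: open5gs-smfd.service: Scheduled restart job, restart counter is at 1.
Jan 14 10:02:16 smf1 systemd[1]: Started Open5GS SMF Daemon.
Jan 14 10:05:02 smf1 kernel: open5gs-smfd[2298]: segfault at 0 ip 00005561a3c4e1f0 sp 00007ffd2a1b3c40 error 4 in open5gs-smfd[5561a3bf0000+90000]
Jan 14 10:05:02 smf1 systemd[1]: open5gs-smfd.service: Main process exited, code=killed, status=11/SEGV
Jan 14 10:05:07 smf1 systemd[1]: open5gs-smfd.service: Scheduled restart job, restart counter is at 2.
Jan 14 10:05:07 smf1 systemd[1]: Started Open5GS SMF Daemon.
Jan 14 10:06:00 smf1 systemd[1]: open5gs-amfd.service: Main process exited, code=exited, status=0/SUCCESS
EOF

# smf_crash_count FILE: abnormal (signal-killed or core-dumped) exits of the SMF unit.
# The clean exit of a different unit (amfd above) must not be counted.
smf_crash_count() {
    grep -cE 'open5gs-smfd\.service: Main process exited, code=(killed|dumped)' "$1" || true
}

# smf_segfault_count FILE: kernel-reported SIGSEGV lines for the open5gs-smfd binary.
smf_segfault_count() {
    grep -cE 'kernel: open5gs-smfd\[[0-9]+\]: segfault at' "$1" || true
}

# smf_max_restart_counter FILE: highest systemd restart counter seen (0 if none);
# a rising counter within minutes indicates a crash loop rather than a one-off.
smf_max_restart_counter() {
    awk '/open5gs-smfd\.service: Scheduled restart job, restart counter is at [0-9]+/ {
             n = $0
             sub(/.*restart counter is at /, "", n)
             sub(/[^0-9].*/, "", n)
             if (n + 0 > max) max = n + 0
         }
         END { print max + 0 }' "$1"
}

# smf_should_alert FILE THRESHOLD: exit 0 (alert) when crashes reach THRESHOLD.
smf_should_alert() {
    [ "$(smf_crash_count "$1")" -ge "$2" ]
}

# smf_crash_summary FILE: one line suitable for a ticket or SIEM enrichment field.
smf_crash_summary() {
    printf 'open5gs-smfd crashes=%s kernel_segfaults=%s max_restart_counter=%s\n' \
        "$(smf_crash_count "$1")" "$(smf_segfault_count "$1")" "$(smf_max_restart_counter "$1")"
}

smf_crash_summary "$SAMPLE_LOG"
if smf_should_alert "$SAMPLE_LOG" 2; then
    echo "ALERT: repeated open5gs-smfd crashes; review PFCP (8805/udp) sources and patch to v2.7.6"
fi
```

Point the functions at a real export (for example the output of journalctl -u open5gs-smfd -k written to a file) instead of SAMPLE_LOG. A threshold of 2 within the exported window is a reasonable starting point: one crash may be a bug, while repeated crashes that line up with traffic to 8805/udp match the network indicators listed above.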
