CVE-2025-7485 | THREATINT

Description

A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue.

In Open5GS bis 2.7.3 wurde eine problematische Schwachstelle entdeckt. Es geht um die Funktion ngap_recv_handler/s1ap_recv_handler/recv_handler der Komponente SCTP Partial Message Handler. Mittels Manipulieren mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Patch wird als cfa44575020f3fb045fd971358442053c8684d3d bezeichnet. Als bestmögliche Massnahme wird Patching empfohlen.

Reserved 2025-07-11 | Published 2025-07-12 | Updated 2025-07-12 | Assigner VulDB

MEDIUM: 4.8CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

LOW: 3.3CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

LOW: 3.3CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

1.7AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C

Problem types

Reachable Assertion

Timeline

2025-07-11:	Advisory disclosed
2025-07-11:	VulDB entry created
2025-07-11:	VulDB entry last update

Credits

SQ0409 (VulDB User) reporter

References

vuldb.com/?id.316135 (VDB-316135 | Open5GS SCTP Partial Message recv_handler assertion) vdb-entry technical-description

vuldb.com/?ctiid.316135 (VDB-316135 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.610601 (Submit #610601 | Open5GS <=2.7.3 Reachable Assertion) third-party-advisory

github.com/open5gs/open5gs/issues/3878/ issue-tracking

github.com/open5gs/open5gs/issues/3878 issue-tracking

github.com/...ommit/cfa44575020f3fb045fd971358442053c8684d3d patch

cve.org (CVE-2025-7485)

nvd.nist.gov (CVE-2025-7485)

Download JSON