{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5501", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-03T05:20:34.328Z", "datePublished": "2025-06-03T14:00:21.279Z", "dateUpdated": "2025-06-03T14:16:02.935Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-03T14:00:21.279Z"}, "title": "Open5GS NGAP PathSwitchRequest Message ngap-handler.c ngap_handle_path_switch_request_transfer assertion", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-617", "lang": "en", "description": "Reachable Assertion"}]}], "affected": [{"vendor": "n/a", "product": "Open5GS", "versions": [{"version": "2.7.0", "status": "affected"}, {"version": "2.7.1", "status": "affected"}, {"version": "2.7.2", "status": "affected"}, {"version": "2.7.3", "status": "affected"}], "modules": ["NGAP PathSwitchRequest Message Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "In Open5GS bis 2.7.3 wurde eine problematische Schwachstelle entdeckt. Es geht um die Funktion ngap_handle_path_switch_request_transfer der Datei src/smf/ngap-handler.c der Komponente NGAP PathSwitchRequest Message Handler. Dank der Manipulation mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2daa44adab762c47a8cef69cc984946973a845b3 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "timeline": [{"time": "2025-06-03T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-03T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-03T07:25:58.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "SQ0409 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.310915", "name": "VDB-310915 | Open5GS NGAP PathSwitchRequest Message ngap-handler.c ngap_handle_path_switch_request_transfer assertion", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.310915", "name": "VDB-310915 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.582265", "name": "Submit #582265 | Open5GS <=2.7.3 Reachable Assertion", "tags": ["third-party-advisory"]}, {"url": "https://github.com/open5gs/open5gs/issues/3909", "tags": ["issue-tracking"]}, {"url": "https://github.com/open5gs/open5gs/issues/3909#issuecomment-2926682623", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/20362183/AMF.crash.due.to.pathswitchrequest.zip", "tags": ["exploit"]}, {"url": "https://github.com/open5gs/open5gs/commit/2daa44adab762c47a8cef69cc984946973a845b3", "tags": ["patch"]}]}, "adp": [{"references": [{"url": "https://github.com/open5gs/open5gs/issues/3909", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-03T14:15:59.128747Z", "id": "CVE-2025-5501", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T14:16:02.935Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5501", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-03T14:15:59.128747Z"}}}], "references": [{"url": "https://github.com/open5gs/open5gs/issues/3909", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T14:15:52.373Z"}}], "cna": {"title": "Open5GS NGAP PathSwitchRequest Message ngap-handler.c ngap_handle_path_switch_request_transfer assertion", "credits": [{"lang": "en", "type": "reporter", "value": "SQ0409 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "affected": [{"vendor": "n/a", "modules": ["NGAP PathSwitchRequest Message Handler"], "product": "Open5GS", "versions": [{"status": "affected", "version": "2.7.0"}, {"status": "affected", "version": "2.7.1"}, {"status": "affected", "version": "2.7.2"}, {"status": "affected", "version": "2.7.3"}]}], "timeline": [{"lang": "en", "time": "2025-06-03T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-03T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-03T07:25:58.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.310915", "name": "VDB-310915 | Open5GS NGAP PathSwitchRequest Message ngap-handler.c ngap_handle_path_switch_request_transfer assertion", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.310915", "name": "VDB-310915 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.582265", "name": "Submit #582265 | Open5GS <=2.7.3 Reachable Assertion", "tags": ["third-party-advisory"]}, {"url": "https://github.com/open5gs/open5gs/issues/3909", "tags": ["issue-tracking"]}, {"url": "https://github.com/open5gs/open5gs/issues/3909#issuecomment-2926682623", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/20362183/AMF.crash.due.to.pathswitchrequest.zip", "tags": ["exploit"]}, {"url": "https://github.com/open5gs/open5gs/commit/2daa44adab762c47a8cef69cc984946973a845b3", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "In Open5GS bis 2.7.3 wurde eine problematische Schwachstelle entdeckt. Es geht um die Funktion ngap_handle_path_switch_request_transfer der Datei src/smf/ngap-handler.c der Komponente NGAP PathSwitchRequest Message Handler. Dank der Manipulation mit unbekannten Daten kann eine reachable assertion-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Der Patch wird als 2daa44adab762c47a8cef69cc984946973a845b3 bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "Reachable Assertion"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-03T14:00:21.279Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5501", "state": "PUBLISHED", "dateUpdated": "2025-06-03T14:16:02.935Z", "dateReserved": "2025-06-03T05:20:34.328Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-03T14:00:21.279Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad clasificada como problem\u00e1tica en Open5GS hasta la versi\u00f3n 2.7.3. Esta vulnerabilidad afecta la funci\u00f3n ngap_handle_path_switch_request_transfer del archivo src/smf/ngap-handler.c del componente NGAP PathSwitchRequest Message Handler. La manipulaci\u00f3n genera una aserci\u00f3n accesible. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El parche se llama 2daa44adab762c47a8cef69cc984946973a845b3. Se recomienda aplicar un parche para solucionar este problema."}], "id": "CVE-2025-5501", "lastModified": "2025-06-04T14:54:33.783", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-06-03T14:15:51.703", "references": [{"source": "[email protected]", "url": "https://github.com/open5gs/open5gs/commit/2daa44adab762c47a8cef69cc984946973a845b3"}, {"source": "[email protected]", "url": "https://github.com/open5gs/open5gs/issues/3909"}, {"source": "[email protected]", "url": "https://github.com/open5gs/open5gs/issues/3909#issuecomment-2926682623"}, {"source": "[email protected]", "url": "https://github.com/user-attachments/files/20362183/AMF.crash.due.to.pathswitchrequest.zip"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.310915"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.310915"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.582265"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/open5gs/open5gs/issues/3909"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "[email protected]", "type": "Secondary"}]}

{}