{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8800", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-09T05:50:21.629Z", "datePublished": "2025-08-10T08:02:07.661Z", "dateUpdated": "2025-08-12T16:03:37.030Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-10T08:02:07.661Z"}, "title": "Open5GS AMF esm-handler.c esm_handle_pdn_connectivity_request denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "Open5GS", "versions": [{"version": "2.7.0", "status": "affected"}, {"version": "2.7.1", "status": "affected"}, {"version": "2.7.2", "status": "affected"}, {"version": "2.7.3", "status": "affected"}, {"version": "2.7.4", "status": "affected"}, {"version": "2.7.5", "status": "affected"}, {"version": "2.7.6", "status": "unaffected"}], "modules": ["AMF Component"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Open5GS up to 2.7.5. It has been rated as problematic. Affected by this issue is the function esm_handle_pdn_connectivity_request of the file src/mme/esm-handler.c of the component AMF Component. The manipulation leads to denial of service. The attack may be launched remotely. Upgrading to version 2.7.6 is able to address this issue. The name of the patch is 701505102f514cbde2856cd2ebc9bedb7efc820d. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in Open5GS bis 2.7.5 ausgemacht. Betroffen davon ist die Funktion esm_handle_pdn_connectivity_request der Datei src/mme/esm-handler.c der Komponente AMF Component. Durch das Beeinflussen mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.7.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 701505102f514cbde2856cd2ebc9bedb7efc820d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2025-08-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-09T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-09T07:55:36.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "ZYC010101 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.319328", "name": "VDB-319328 | Open5GS AMF esm-handler.c esm_handle_pdn_connectivity_request denial of service", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.319328", "name": "VDB-319328 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.626113", "name": "Submit #626113 | N/A Open5GS <= v2.7.5 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/open5gs/open5gs/issues/3980", "tags": ["issue-tracking"]}, {"url": "https://github.com/open5gs/open5gs/issues/3980#issuecomment-3054894281", "tags": ["issue-tracking"]}, {"url": "https://github.com/open5gs/open5gs/commit/701505102f514cbde2856cd2ebc9bedb7efc820d", "tags": ["patch"]}, {"url": "https://github.com/open5gs/open5gs/releases/tag/v2.7.6", "tags": ["patch"]}]}, "adp": [{"references": [{"url": "https://github.com/open5gs/open5gs/issues/3980", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-11T15:19:35.434243Z", "id": "CVE-2025-8800", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-12T16:03:37.030Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8800", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-11T15:19:35.434243Z"}}}], "references": [{"url": "https://github.com/open5gs/open5gs/issues/3980", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-11T15:19:37.232Z"}}], "cna": {"title": "Open5GS AMF esm-handler.c esm_handle_pdn_connectivity_request denial of service", "credits": [{"lang": "en", "type": "reporter", "value": "ZYC010101 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:ND/RL:OF/RC:C"}}], "affected": [{"vendor": "n/a", "modules": ["AMF Component"], "product": "Open5GS", "versions": [{"status": "affected", "version": "2.7.0"}, {"status": "affected", "version": "2.7.1"}, {"status": "affected", "version": "2.7.2"}, {"status": "affected", "version": "2.7.3"}, {"status": "affected", "version": "2.7.4"}, {"status": "affected", "version": "2.7.5"}, {"status": "unaffected", "version": "2.7.6"}]}], "timeline": [{"lang": "en", "time": "2025-08-09T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-08-09T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-08-09T07:55:36.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.319328", "name": "VDB-319328 | Open5GS AMF esm-handler.c esm_handle_pdn_connectivity_request denial of service", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.319328", "name": "VDB-319328 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.626113", "name": "Submit #626113 | N/A Open5GS <= v2.7.5 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/open5gs/open5gs/issues/3980", "tags": ["issue-tracking"]}, {"url": "https://github.com/open5gs/open5gs/issues/3980#issuecomment-3054894281", "tags": ["issue-tracking"]}, {"url": "https://github.com/open5gs/open5gs/commit/701505102f514cbde2856cd2ebc9bedb7efc820d", "tags": ["patch"]}, {"url": "https://github.com/open5gs/open5gs/releases/tag/v2.7.6", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Open5GS up to 2.7.5. It has been rated as problematic. Affected by this issue is the function esm_handle_pdn_connectivity_request of the file src/mme/esm-handler.c of the component AMF Component. The manipulation leads to denial of service. The attack may be launched remotely. Upgrading to version 2.7.6 is able to address this issue. The name of the patch is 701505102f514cbde2856cd2ebc9bedb7efc820d. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Eine problematische Schwachstelle wurde in Open5GS bis 2.7.5 ausgemacht. Betroffen davon ist die Funktion esm_handle_pdn_connectivity_request der Datei src/mme/esm-handler.c der Komponente AMF Component. Durch das Beeinflussen mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Ein Aktualisieren auf die Version 2.7.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 701505102f514cbde2856cd2ebc9bedb7efc820d bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-10T08:02:07.661Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8800", "state": "PUBLISHED", "dateUpdated": "2025-08-12T16:03:37.030Z", "dateReserved": "2025-08-09T05:50:21.629Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-08-10T08:02:07.661Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Open5GS up to 2.7.5. It has been rated as problematic. Affected by this issue is the function esm_handle_pdn_connectivity_request of the file src/mme/esm-handler.c of the component AMF Component. The manipulation leads to denial of service. The attack may be launched remotely. Upgrading to version 2.7.6 is able to address this issue. The name of the patch is 701505102f514cbde2856cd2ebc9bedb7efc820d. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Open5GS hasta la versi\u00f3n 2.7.5. Se ha clasificado como problem\u00e1tica. Este problema afecta a la funci\u00f3n esm_handle_pdn_connectivity_request del archivo src/mme/esm-handler.c del componente AMF Component. La manipulaci\u00f3n provoca una denegaci\u00f3n de servicio. El ataque puede ejecutarse en remoto. Actualizar a la versi\u00f3n 2.7.6 puede solucionar este problema. El parche se llama 701505102f514cbde2856cd2ebc9bedb7efc820d. Se recomienda actualizar el componente afectado."}], "id": "CVE-2025-8800", "lastModified": "2025-08-12T16:15:32.670", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-08-10T08:15:25.467", "references": [{"source": "[email protected]", "url": "https://github.com/open5gs/open5gs/commit/701505102f514cbde2856cd2ebc9bedb7efc820d"}, {"source": "[email protected]", "url": "https://github.com/open5gs/open5gs/issues/3980"}, {"source": "[email protected]", "url": "https://github.com/open5gs/open5gs/issues/3980#issuecomment-3054894281"}, {"source": "[email protected]", "url": "https://github.com/open5gs/open5gs/releases/tag/v2.7.6"}, {"source": "[email protected]", "url": "https://vuldb.com/?ctiid.319328"}, {"source": "[email protected]", "url": "https://vuldb.com/?id.319328"}, {"source": "[email protected]", "url": "https://vuldb.com/?submit.626113"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/open5gs/open5gs/issues/3980"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "[email protected]", "type": "Secondary"}]}

{}