CVE-2025-7485

low-risk
Published 2025-07-12

A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Open5Gs

References (8)

Patch https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d...
Issue Tracking https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136
Exploit https://github.com/open5gs/open5gs/issues/3878/
Permissions Required https://vuldb.com/?ctiid.316135
Third Party Advisory https://vuldb.com/?id.316135
Third Party Advisory https://vuldb.com/?submit.610601
Issue Tracking https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136
Exploit https://github.com/open5gs/open5gs/issues/3878/
18
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal