Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Multiple vulnerabilities in NewPlane's Open5GS

Posted date 27/10/2025
Identificador
INCIBE-2025-0594
Importance
4 - High
Affected Resources

Versions prior to Open5GS 2.7.6.

Description

INCIBE has coordinated the publication of two high-severity vulnerabilities affecting NewPlane's Open5GS, an advanced open-source project designed to build and manage your own NR/LTE mobile network. The vulnerability was discovered by David Pérez Gago.

These vulnerabilities have been assigned the following codes, CVSS v4.0 base score, CVSS vector and CWE vulnerability type for each vulnerability:

  • CVE-2025-41067 and CVE-2025-41068: CVSS v4.0: 8.7 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L | CWE- 617
Solution

The vulnerabilities have been fixed by the Open5GS team in version v2.7.6.

Detail
  • CVE-2025-41067: reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. An SBI request that deletes the NRF's own registry causes a check that ends up crashing the NRF process and renders the discovery service unavailable.
  • CVE-2025-41068: reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the process, leaving the discovery service unresponsive.
CVE
Explotación
No
References list
Open5GS
Etiquetas