{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-8805", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-08-09T07:43:25.628Z", "datePublished": "2025-08-10T10:32:08.617Z", "dateUpdated": "2025-08-15T13:44:03.739Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-15T13:44:03.739Z"}, "title": "Open5GS SMF gsm-sm.c smf_gsm_state_wait_pfcp_deletion denial of service", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "Open5GS", "versions": [{"version": "2.7.0", "status": "affected"}, {"version": "2.7.1", "status": "affected"}, {"version": "2.7.2", "status": "affected"}, {"version": "2.7.3", "status": "affected"}, {"version": "2.7.4", "status": "affected"}, {"version": "2.7.5", "status": "affected"}, {"version": "2.7.6", "status": "unaffected"}], "modules": ["SMF"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The patch is identified as c58b8f081986aaf2a312d73a0a17985518b47fe6. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Hierbei geht es um die Funktion smf_gsm_state_wait_pfcp_deletion der Datei src/smf/gsm-sm.c der Komponente SMF. Durch Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.7.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c58b8f081986aaf2a312d73a0a17985518b47fe6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2025-08-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-08-09T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-08-15T15:47:48.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "xiaohan zheng (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "xiaohan zheng (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.319334", "name": "VDB-319334 | Open5GS SMF gsm-sm.c smf_gsm_state_wait_pfcp_deletion denial of service", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.319334", "name": "VDB-319334 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.626125", "name": "Submit #626125 | Open5GS <= v2.7.5 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/open5gs/open5gs/issues/4000", "tags": ["issue-tracking"]}, {"url": "https://github.com/open5gs/open5gs/issues/4000#issuecomment-3091321920", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/21229739/smf_crash.zip", "tags": ["exploit"]}, {"url": "https://github.com/open5gs/open5gs/commit/c58b8f081986aaf2a312d73a0a17985518b47fe6", "tags": ["patch"]}, {"url": "https://github.com/open5gs/open5gs/releases/tag/v2.7.6", "tags": ["patch"]}, {"url": "https://github.com/ZHENGHAOHELLO/BugReport", "tags": ["related"]}]}, "adp": [{"references": [{"url": "https://github.com/open5gs/open5gs/issues/4000", "tags": ["exploit"]}, {"url": "https://github.com/open5gs/open5gs/issues/4000#issuecomment-3091321920", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-13T14:20:59.737834Z", "id": "CVE-2025-8805", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T14:21:03.989Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8805", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-13T14:20:59.737834Z"}}}], "references": [{"url": "https://github.com/open5gs/open5gs/issues/4000", "tags": ["exploit"]}, {"url": "https://github.com/open5gs/open5gs/issues/4000#issuecomment-3091321920", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-13T14:20:50.910Z"}}], "cna": {"title": "Open5GS SMF gsm-sm.c smf_gsm_state_wait_pfcp_deletion denial of service", "credits": [{"lang": "en", "type": "reporter", "value": "xiaohan zheng (VulDB User)"}, {"lang": "en", "type": "analyst", "value": "xiaohan zheng (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"vendor": "n/a", "modules": ["SMF"], "product": "Open5GS", "versions": [{"status": "affected", "version": "2.7.0"}, {"status": "affected", "version": "2.7.1"}, {"status": "affected", "version": "2.7.2"}, {"status": "affected", "version": "2.7.3"}, {"status": "affected", "version": "2.7.4"}, {"status": "affected", "version": "2.7.5"}, {"status": "unaffected", "version": "2.7.6"}]}], "timeline": [{"lang": "en", "time": "2025-08-09T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-08-09T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-08-15T15:47:48.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.319334", "name": "VDB-319334 | Open5GS SMF gsm-sm.c smf_gsm_state_wait_pfcp_deletion denial of service", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.319334", "name": "VDB-319334 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.626125", "name": "Submit #626125 | Open5GS <= v2.7.5 Denial of Service", "tags": ["third-party-advisory"]}, {"url": "https://github.com/open5gs/open5gs/issues/4000", "tags": ["issue-tracking"]}, {"url": "https://github.com/open5gs/open5gs/issues/4000#issuecomment-3091321920", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/21229739/smf_crash.zip", "tags": ["exploit"]}, {"url": "https://github.com/open5gs/open5gs/commit/c58b8f081986aaf2a312d73a0a17985518b47fe6", "tags": ["patch"]}, {"url": "https://github.com/open5gs/open5gs/releases/tag/v2.7.6", "tags": ["patch"]}, {"url": "https://github.com/ZHENGHAOHELLO/BugReport", "tags": ["related"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The patch is identified as c58b8f081986aaf2a312d73a0a17985518b47fe6. It is recommended to upgrade the affected component."}, {"lang": "de", "value": "Hierbei geht es um die Funktion smf_gsm_state_wait_pfcp_deletion der Datei src/smf/gsm-sm.c der Komponente SMF. Durch Manipulation mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 2.7.6 vermag dieses Problem zu l\u00f6sen. Der Patch wird als c58b8f081986aaf2a312d73a0a17985518b47fe6 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-08-15T13:44:03.739Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8805", "state": "PUBLISHED", "dateUpdated": "2025-08-15T13:44:03.739Z", "dateReserved": "2025-08-09T07:43:25.628Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-08-10T10:32:08.617Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*", "matchCriteriaId": "F4733D6E-5B99-4217-96BA-533B220A1FDA", "versionEndExcluding": "2.7.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in Open5GS up to 2.7.5. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The patch is identified as c58b8f081986aaf2a312d73a0a17985518b47fe6. It is recommended to upgrade the affected component."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Open5GS hasta la versi\u00f3n 2.7.5, clasificada como problem\u00e1tica. Este problema afecta a la funci\u00f3n smf_gsm_state_wait_pfcp_deletion del archivo src/smf/gsm-sm.c del componente SMF. La manipulaci\u00f3n provoca una denegaci\u00f3n de servicio. El ataque puede ejecutarse en remoto. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a la versi\u00f3n 2.7.6 puede solucionar este problema. El parche se identifica como c58b8f081986aaf2a312d73a0a17985518b47fe6. Se recomienda actualizar el componente afectado."}], "id": "CVE-2025-8805", "lastModified": "2025-08-15T14:15:30.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-08-10T11:15:29.913", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/ZHENGHAOHELLO/BugReport"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/open5gs/open5gs/commit/c58b8f081986aaf2a312d73a0a17985518b47fe6"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/open5gs/open5gs/issues/4000"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/open5gs/open5gs/issues/4000#issuecomment-3091321920"}, {"source": "cna@vuldb.com", "tags": ["Release Notes"], "url": "https://github.com/open5gs/open5gs/releases/tag/v2.7.6"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/user-attachments/files/21229739/smf_crash.zip"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.319334"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.319334"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.626125"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Issue Tracking"], "url": "https://github.com/open5gs/open5gs/issues/4000"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Issue Tracking"], "url": "https://github.com/open5gs/open5gs/issues/4000#issuecomment-3091321920"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}