CVE-2025-56568 - Vulnerability Details

- DoS via PCO Parser Assertion Failure in Open5GS SMF

Description

Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol configuration data.

Published: 2026-04-30

Score: 7.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw causes an assertion failure within the Protocol Configuration Options parser of the Session Management Function component, triggered by NGAP messages that carry malformed length fields for protocol configuration data; the result is an internal crash of the SMF service, leading to a denial of service for users relying on the affected network element.

Affected Systems

All Open5GS deployments that use the SMF component prior to the v2.7.5 release are susceptible, regardless of distribution channel or hosting environment.

Risk and Exploitability

Remote attackers who can reach the SMF over the NGAP interface can send specially crafted NGAP messages with malformed length fields, triggering the parser to assert and crash the SMF. The bug carries a CVSS score of 7.5, indicating high severity, and an EPSS score of less than 1% suggests a low current exploitation probability, though the remote nature and lack of any perceived mitigations mean that a successful attack could immediately disrupt network services. The vulnerability is not listed in the CISA KEV catalog, but the ease of exploitation over the network makes it a significant risk if left unpatched.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

No data.

Vendor Product Confidence Versions

Open5gs

90%

Version	Status	Scheme	Platform
`[0,2.7.5)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade Open5GS to version 2.7.5 or later where the PCO parser issue is resolved.
If an upgrade is delayed, restrict NGAP traffic to the SMF from trusted sources only using firewall or ACL rules to reduce the attack surface.
Monitor SMF logs for assertion failures or sudden restarts and alert operators if such events occur.
Apply any interim patches or security advisories released by the Open5GS community as soon as they become available.

Generated by OpenCVE AI on May 4, 2026 at 21:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00139.

Exploitation none

Automatable yes

Technical Impact partial

References

Link	Providers
https://github.com/open5gs/open5gs/commit/d7707879c943d2c952235382154d835b5849d54e
https://github.com/open5gs/open5gs/issues/3969

History

Mon, 04 May 2026 21:45:00 +0000

Type	Values Removed	Values Added
Title		DoS via PCO Parser Assertion Failure in Open5GS SMF

Mon, 04 May 2026 20:15:00 +0000

Type	Values Removed	Values Added
Title	Remote Denial of Service via Malformed NGAP Protocol Configuration Options in Open5GS SMF
Weaknesses	CWE-20 CWE-682

Mon, 04 May 2026 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-617
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 02 May 2026 00:45:00 +0000

Type	Values Removed	Values Added
Title		Remote Denial of Service via Malformed NGAP Protocol Configuration Options in Open5GS SMF
Weaknesses		CWE-20 CWE-682

Thu, 30 Apr 2026 22:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Open5gs Open5gs open5gs
Vendors & Products		Open5gs Open5gs open5gs

Thu, 30 Apr 2026 20:00:00 +0000

Type	Values Removed	Values Added
Description		Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol configuration data.
References		https://github.com/open5gs/open5gs/commit/d7707879c943d2c952235382154d835b5849d54e https://github.com/open5gs/open5gs/issues/3969

Subscriptions

Open5gs Open5gs

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-04-30T00:00:00.000Z

Updated: 2026-05-04T17:52:37.623Z

Reserved: 2025-08-17T00:00:00.000Z

Link: CVE-2025-56568

Vulnrichment

Updated: 2026-05-04T15:01:17.455Z

NVD

Status : Deferred

Published: 2026-04-30T20:16:23.220

Modified: 2026-05-04T18:16:25.527

Link: CVE-2025-56568

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-04T21:30:09Z

Weaknesses

CWE-617

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object