An attacker can manipulate packets sent to the SMF to trigger a crash in the gsm_build_pdu_session_establishment_accept function. The flaw is present in Open5GS releases through version 2.7.7 and is classified as a CWE‑404 vulnerability, indicating an improper resource shutdown or release. When the function is invoked with crafted input it leads to a denial of service of the SMF, effectively disrupting session management for affected users. The vulnerability is remote‑accessible, the exploit is publicly available, and no official patch from the vendor has yet been released at the time of discovery.

The vulnerability targets the Open5GS SMF component used in 5G core networks. All deployments running Open5GS SMF that have not applied a fix before version 2.7.7 are affected. The product is Open5GS, the vendor is Open5GS, and the specific source file is /src/smf/gsm-build.c with the vulnerable function gsm_build_pdu_session_establishment_accept.

The CVSS score of 5.3 indicates moderate severity, reflecting a medium impact on availability. EPSS data is not available, so the exact likelihood of exploitation remains uncertain, but the existence of a public exploit and the ability to launch the attack remotely suggest a non‑negligible risk. The flaw is not listed in the CISA KEV catalog. An attacker could orchestrate widespread disruptions by targeting the SMF, potentially affecting many users or entire network slices. The combination of moderate severity and remote availability warrants proactive mitigation.