Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the SBI of either AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, or UDR, resulting in a denial of service. This occurs in the parse_multipart function in lib/sbi/message.c.
[
{
"id": "CVE-2025-55904-3343e521",
"target": {
"file": "lib/sbi/message.c"
},
"signature_version": "v1",
"source": "https://github.com/open5gs/open5gs/commit/67ba7f92bbd7a378954895d96d9d7b05d5b64615",
"signature_type": "Line",
"digest": {
"line_hashes": [
"201700677197356887779969475830737458061",
"19452742769453645295826166084320051732",
"91678101313197481398819163478538817055"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2025-55904-7f55c6b3",
"target": {
"function": "parse_multipart",
"file": "lib/sbi/message.c"
},
"signature_version": "v1",
"source": "https://github.com/open5gs/open5gs/commit/67ba7f92bbd7a378954895d96d9d7b05d5b64615",
"signature_type": "Function",
"digest": {
"function_hash": "318118460869665651524483070428036911886",
"length": 4052.0
},
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-55904.json"
"2026-04-12T17:57:40Z"