CVE-2025-63288
- Source
- https://cve.org/CVERecord?id=CVE-2025-63288
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63288.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-63288
- Published
- 2025-11-10T19:15:57.490Z
- Modified
- 2026-04-02T12:59:14.123219Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service.
- References
Affected packages
Git / github.com/open5gs/open5gs
Affected versions
v0.*
v0.1.0
v0.1.1
v0.2.0
v0.3.0
v0.3.1
v0.3.10
v0.3.11
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3.0
v2.*
v2.0.0
v2.0.18
v2.0.22
v2.1.0
v2.1.1
v2.1.3
v2.1.4
v2.1.5
v2.1.7
v2.2.0
v2.2.1
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.0
v2.3.1
v2.3.2
v2.3.6
v2.4.0
v2.4.1
v2.4.12
v2.4.14
v2.4.15
v2.4.3
v2.4.4
v2.4.5
v2.4.7
v2.4.8
v2.4.9
v2.5.6
v2.5.8
v2.5.9
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.7.5
v2.7.6
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63288.json"
vanir_signatures
[
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"264386814081266206685259265141360653363",
"218850988914290149902809050281484959983",
"73507849549415670847889208781796064838",
"134333251512657731807803554572987735404"
],
"threshold": 0.9
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-061e1474",
"target": {
"file": "src/mme/s1ap-path.h"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "15952107711940792023220290189530381548",
"length": 4443.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-1a309368",
"target": {
"file": "src/mme/s1ap-handler.c",
"function": "s1ap_handle_e_rab_modification_indication"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "199074765876415162132689505562593464563",
"length": 8570.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-23a0b982",
"target": {
"file": "src/amf/ngap-handler.c",
"function": "ngap_handle_path_switch_request"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "177257600161162663046462548266652224654",
"length": 6852.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-3676d508",
"target": {
"file": "src/amf/ngap-handler.c",
"function": "ngap_handle_ran_configuration_update"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "162056016715973816662433848909912315467",
"length": 4386.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-3a285726",
"target": {
"file": "src/mme/s1ap-handler.c",
"function": "s1ap_handle_s1_setup_request"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "45645245674856503680503597858764898662",
"length": 2104.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-3bcd11f2",
"target": {
"file": "src/mme/s1ap-handler.c",
"function": "s1ap_handle_enb_configuration_transfer"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "263880516878342551121290369409123324105",
"length": 9373.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-5172b8cc",
"target": {
"file": "src/mme/s1ap-handler.c",
"function": "s1ap_handle_path_switch_request"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"163493002448127638706738527246051988451",
"139993526354131318861220751960803857190",
"226574431011839811089261613548361648943",
"29588649690773832154575303829907619623",
"20190736589695813494960316804559657177",
"337584229783577672288512712480269839978",
"14287525337120602669520305278451473240",
"388092551232027431464230820384668710",
"211820091600888543517190146399089339761",
"51780299467717151478186654311570031644",
"327279199936275949637360887631835813726",
"147708509840904846276994695531589284196",
"78434434529416294360434149949140372036",
"118699988896794387263870242582998761635",
"243456882055940807283299368150744216386",
"144696721930455710357016861641651611171",
"201196224004278425745215459422482065593",
"138089339271810427746083222926536300053",
"43551444491234057194211902577475018437",
"143357227756145048653423478135799772718",
"148514919928949622710197055407777923767",
"6982942358509838474024324639649147643",
"318362898782707665533089766206748219212"
],
"threshold": 0.9
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-5beb57dc",
"target": {
"file": "src/mme/s1ap-path.c"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"236197840605459413015189566481284251107",
"314075395521574179144758593487663299695",
"5320050796279618607789227841231681075",
"237802802163221112165783670886479683550",
"214896200790069871744751527530731819758",
"143591765357265518162881562833726819867",
"215015435059010450885984487568006194285",
"135958343748750974603074439659181921821",
"282007569900864761701713118029177062886",
"314717955403609355094609689541070619966",
"253735886990520290143909070063100868587",
"125131211089711640961115425040174490029",
"180506949562645424301171762585733791468",
"62040149438076239827893846256363987860",
"202647522834569270225404694328370254876",
"184894653438125483974566440794290325977",
"86173362460558247965218723369347177588",
"291097031325425533853846404799431624525",
"209140241299693679628721347162981727947",
"243466953462035284775368203674388737862",
"139701757350865324630339073333532332811",
"14655041580047317207619902113044511124",
"149973091303984401643282993265081329762",
"219889787832744869833933506952284864570",
"44741218116879908039997599399178744466",
"212155832451619748555504417413271623872",
"199770338735991525853076225681708687636",
"62040149438076239827893846256363987860",
"202647522834569270225404694328370254876",
"184894653438125483974566440794290325977",
"98207848546466049515608675746807364515",
"80247756674997287028967449009119303358",
"66497203345063891913249716567648732710",
"117803967765937527231256762727801532157",
"38807520420101739108848873309839432703",
"219889787832744869833933506952284864570",
"44741218116879908039997599399178744466",
"212155832451619748555504417413271623872",
"199770338735991525853076225681708687636",
"39704815397495438447646673724315551695",
"64361294765400344076413720249161250547",
"184894653438125483974566440794290325977",
"86173362460558247965218723369347177588",
"291097031325425533853846404799431624525",
"209140241299693679628721347162981727947",
"36404190259419918833922415983745638982",
"208805930107037878918314978547649493497",
"117693849770676897035690689645890289896",
"36404190259419918833922415983745638982",
"208805930107037878918314978547649493497",
"117693849770676897035690689645890289896",
"225898460220549929226547027989999499112",
"96474622136186339830736670209480740797",
"150407988600415380660984216776744140390",
"195856454237929724227683578885850251270",
"240288205070431404857720250567215751362",
"50785070712426162657465810437795361132",
"283590412444973403081180420675686110892",
"262670686468801924377666328517332544938",
"128263213640907814580675558983105936020",
"62040149438076239827893846256363987860",
"202647522834569270225404694328370254876",
"184894653438125483974566440794290325977",
"98207848546466049515608675746807364515",
"80247756674997287028967449009119303358",
"66497203345063891913249716567648732710",
"227001769780903195359720509599711867870",
"251917178924602555136135104688349999317",
"184894653438125483974566440794290325977",
"86173362460558247965218723369347177588",
"291097031325425533853846404799431624525",
"209140241299693679628721347162981727947",
"243466953462035284775368203674388737862",
"139701757350865324630339073333532332811",
"14655041580047317207619902113044511124",
"149973091303984401643282993265081329762",
"219889787832744869833933506952284864570",
"44741218116879908039997599399178744466",
"212155832451619748555504417413271623872",
"199770338735991525853076225681708687636",
"41148586967943790781921377799605706655",
"102853446132905717156648864874861715005",
"226990506128661476588230523114673547688",
"180450212848969847882855684303636109122",
"337062015532353316501517334065191161329",
"70154370758059825214204955653973085741",
"114106846932157775283712441141652473787",
"219049915297719347274168825394003994424",
"36404190259419918833922415983745638982",
"208805930107037878918314978547649493497",
"117693849770676897035690689645890289896",
"206090548527565539066207394552102618806",
"213537256421931236954787076018379862562",
"269141824182187215554194601638363232404",
"146454012209740862850430986197603109234",
"124870636260048500143655368792152048541",
"301855634357057126365318810395580406599",
"299815961900456693965362840224810578125",
"180659344508212979400846021802126652127",
"121905786144621660976298856095150147108",
"31569689266697331112749335063819781451",
"175458830337243570487580463804514894325",
"80825467325282846998036346729846014181",
"247773333085970613084994996593553205228",
"129096323588633155491167486694895386806",
"832586503911222196815363724521612306",
"227559106088655097187060838224673074694",
"170391597833808416376188768273288054183",
"195952615192393356601080038178902615002",
"184894653438125483974566440794290325977",
"163737762322413602244962595829005554797",
"138075329315002855996152112901840762560",
"152419935585521918037422537142111133848",
"61775968816021918362754630498726902347",
"272911539563392517011960538181455633662",
"219889787832744869833933506952284864570",
"225365790058999388502468596129623888687",
"287154863862983188534548763309716022264",
"221056833292242191930472561269799091889"
],
"threshold": 0.9
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-5c2ae95e",
"target": {
"file": "src/mme/s1ap-handler.c"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "330479624106795432851393409722790452943",
"length": 5702.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-72ef0b9e",
"target": {
"file": "src/mme/s1ap-handler.c",
"function": "s1ap_handle_handover_notification"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "10585691887195563516290795461568758726",
"length": 6343.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-80343339",
"target": {
"file": "src/mme/s1ap-handler.c",
"function": "s1ap_handle_handover_request_ack"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "70473576556573593381761063366828866769",
"length": 3153.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-894592fc",
"target": {
"file": "src/mme/s1ap-handler.c",
"function": "s1ap_handle_enb_configuration_update"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "260700067419300247779228577321645107785",
"length": 5145.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-a27882a2",
"target": {
"file": "src/mme/s1ap-handler.c",
"function": "s1ap_handle_initial_ue_message"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "294003789778784920020439190034781701205",
"length": 4523.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-a5c4fbef",
"target": {
"file": "src/mme/s1ap-handler.c",
"function": "s1ap_handle_initial_context_setup_response"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "11837417999391887578312342474045625997",
"length": 5420.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-ba2cd3da",
"target": {
"file": "src/mme/s1ap-handler.c",
"function": "s1ap_handle_e_rab_setup_response"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "251862639708700853755668704038672549752",
"length": 619.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-bade334c",
"target": {
"file": "src/mme/s1ap-path.c",
"function": "s1ap_send_error_indication2"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"211470162661014943347746013852961098069",
"335106675508412986203159499473050602139",
"109514224778747479142526927520476704514",
"270445599485425456611460333874771151085",
"181582390713230145448432133470119813781",
"189058039291762365598789767182710865017"
],
"threshold": 0.9
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-ca76af49",
"target": {
"file": "src/amf/ngap-handler.c"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "170996774481431907340625327575491863970",
"length": 5235.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-e1fac176",
"target": {
"file": "src/mme/s1ap-handler.c",
"function": "s1ap_handle_uplink_nas_transport"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "325169157625548858484557032382866393608",
"length": 2789.0
},
"source": "https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5",
"id": "CVE-2025-63288-fb30b98c",
"target": {
"file": "src/mme/s1ap-handler.c",
"function": "s1ap_handle_enb_direct_information_transfer"
}
}
]