CVE-2025-8804

Source
https://cve.org/CVERecord?id=CVE-2025-8804
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8804.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-8804
Published
2025-08-10T10:15:26.647Z
Modified
2026-04-12T22:06:18.671998Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

A vulnerability was found in Open5GS up to 2.7.5. It affects the function ngap_build_downlink_nas_transport of the AMF component. Manipulation leads to a reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 addresses this issue. The patch is identified by commit bca0a7b6e01d254f4223b83831162566d4626428. It is recommended to upgrade the affected component.

References

Affected packages

Git / github.com/open5gs/open5gs

Affected ranges

Type
GIT
Repo
https://github.com/open5gs/open5gs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.7.6"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.1.1
v0.2.0
v0.3.0
v0.3.1
v0.3.10
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.8
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3.0
v2.*
v2.0.0
v2.0.18
v2.0.22
v2.1.0
v2.1.1
v2.1.3
v2.1.4
v2.1.5
v2.1.7
v2.2.0
v2.2.1
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.0
v2.3.2
v2.3.6
v2.4.0
v2.4.1
v2.4.3
v2.4.4
v2.4.5
v2.4.7
v2.4.8
v2.4.9
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.7.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-8804.json"
vanir_signatures_modified
"2026-04-12T22:06:18Z"
vanir_signatures
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "301301722341441134369934511735618371841",
                "227279355900403902120015462553070683343",
                "116167711291504658741956617460775935456",
                "34177483276213920227428266241007379562"
            ]
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-0eb6dfc9",
        "signature_type": "Line",
        "target": {
            "file": "src/amf/ngap-build.h"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-2218a62f",
        "signature_type": "Line",
        "target": {
            "file": "src/amf/ngap-build.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 901.0,
            "function_hash": "13275324431308204516180805901335972456"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-28a5d035",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_identity_request",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1544.0,
            "function_hash": "58547867474689981043962518261900791716"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-3cdeb219",
        "signature_type": "Function",
        "target": {
            "function": "nas_send_pdu_session_release_command",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 980.0,
            "function_hash": "307237499806495744807842117348547113016"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-3dd0af03",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_de_registration_request",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 396.0,
            "function_hash": "294378566889558424493060662034995007531"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-3f6c9c86",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_service_reject",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 932.0,
            "function_hash": "62408917282634700524957742784458599457"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-47d3e1f7",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_security_mode_command",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 888.0,
            "function_hash": "288180678918662743785878832766217164343"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-51cded23",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_de_registration_accept",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 642.0,
            "function_hash": "142789318740999955986696156178366679272"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-56897a49",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_authentication_reject",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "187869461855556078967565128298265416326",
                "232527834016363379977252207178161242469",
                "70871252115164703417613588410095589237",
                "82689461601566459091559201102225505688"
            ]
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-64064fc7",
        "signature_type": "Line",
        "target": {
            "file": "src/amf/nas-path.h"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 3855.0,
            "function_hash": "141994838680753283561600595291010714841"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-64412b29",
        "signature_type": "Function",
        "target": {
            "function": "ngap_build_downlink_nas_transport",
            "file": "src/amf/ngap-build.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 980.0,
            "function_hash": "120400608293292056791916399497074717657"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-6d6b68e0",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_authentication_request",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 596.0,
            "function_hash": "202524391693938359194316873193433215345"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-7765cc23",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_gmm_status",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1015.0,
            "function_hash": "195830185038115236823600054276272929900"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-7ec8cbdd",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_registration_reject",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1387.0,
            "function_hash": "200596469535166428942657329858057042056"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-86469872",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_configuration_update_command",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 349.0,
            "function_hash": "309545004912713770859305619733673083986"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-90769495",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_to_downlink_nas_transport",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 826.0,
            "function_hash": "188743423418359180334536398415306480557"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-97e06c06",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_dl_nas_transport",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1947.0,
            "function_hash": "270963552850717326991922733915063733836"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-e5895de9",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_registration_accept",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1304.0,
            "function_hash": "305064595896850915785708471212593360802"
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-ef9ce7e2",
        "signature_type": "Function",
        "target": {
            "function": "nas_5gs_send_service_accept",
            "file": "src/amf/nas-path.c"
        }
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "source": "https://github.com/open5gs/open5gs/commit/bca0a7b6e01d254f4223b83831162566d4626428",
        "id": "CVE-2025-8804-efce1cc9",
        "signature_type": "Line",
        "target": {
            "file": "src/amf/nas-path.c"
        }
    }
]