CVE-2025-55904

Published: Sep 17, 2025

Modified: Sep 17, 2025

PUBLISHED

Description

Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the SBI of either AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, or UDR, resulting in a denial of service. This occurs in the parse_multipart function in lib/sbi/message.c.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/open5gs/open5gs/commit/67ba7f92bbd7a378954895d96d9d7b05d5b64615

https://github.com/open5gs/open5gs/issues/3942

https://github.com/tsiamoulis/vuln-research/tree/main/CVE-2025-55904

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-55904

Description

Affected Products

References