Description

Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the SBI of either AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, or UDR, resulting in a denial of service. This occurs in the parse_multipart function in lib/sbi/message.c.

INFO

Published Date :

2025-09-17T00:00:00.000Z

Last Modified :

2025-09-17T14:28:46.520Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2025-55904 vulnerability.

Vendors Products
Open5gs
  • Open5gs
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-55904.

URL Resource
https://github.com/open5gs/open5gs/commit/67ba7f92bbd7a378954895d96d9d7b05d5b64615 cve-icon cve-icon
https://github.com/open5gs/open5gs/issues/3942 cve-icon cve-icon
https://github.com/tsiamoulis/vuln-research/tree/main/CVE-2025-55904 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact