{"id":"CVE-2025-63288","details":"In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service.","modified":"2026-04-02T12:59:14.123219Z","published":"2025-11-10T19:15:57.490Z","references":[{"type":"FIX","url":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5"},{"type":"FIX","url":"https://github.com/open5gs/open5gs/issues/4087"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open5gs/open5gs","events":[{"introduced":"0"},{"last_affected":"d9d3abdd480be96fac3bc8a997e83446648763ca"},{"fixed":"be765fe2b03e350836272eee5afb3931bdfb86d5"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.7.6"}]}}],"versions":["v0.1.0","v0.1.1","v0.2.0","v0.3.0","v0.3.1","v0.3.10","v0.3.11","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6","v0.3.7","v0.3.8","v0.3.9","v0.4.0","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.5.0","v0.5.1","v0.5.2","v1.0.0","v1.1.0","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.3.0","v2.0.0","v2.0.18","v2.0.22","v2.1.0","v2.1.1","v2.1.3","v2.1.4","v2.1.5","v2.1.7","v2.2.0","v2.2.1","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.3.0","v2.3.1","v2.3.2","v2.3.6","v2.4.0","v2.4.1","v2.4.12","v2.4.14","v2.4.15","v2.4.3","v2.4.4","v2.4.5","v2.4.7","v2.4.8","v2.4.9","v2.5.6","v2.5.8","v2.5.9","v2.6.1","v2.6.2","v2.6.3","v2.6.4","v2.6.6","v2.7.0","v2.7.1","v2.7.2","v2.7.5","v2.7.6"],"database_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["264386814081266206685259265141360653363","218850988914290149902809050281484959983","73507849549415670847889208781796064838","134333251512657731807803554572987735404"]},"target":{"file":"src/mme/s1ap-path.h"},"id":"CVE-2025-63288-061e1474","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Line"},{"digest":{"length":4443,"function_hash":"15952107711940792023220290189530381548"},"target":{"function":"s1ap_handle_e_rab_modification_indication","file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-1a309368","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":8570,"function_hash":"199074765876415162132689505562593464563"},"target":{"function":"ngap_handle_path_switch_request","file":"src/amf/ngap-handler.c"},"id":"CVE-2025-63288-23a0b982","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":6852,"function_hash":"177257600161162663046462548266652224654"},"target":{"function":"ngap_handle_ran_configuration_update","file":"src/amf/ngap-handler.c"},"id":"CVE-2025-63288-3676d508","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":4386,"function_hash":"162056016715973816662433848909912315467"},"target":{"function":"s1ap_handle_s1_setup_request","file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-3a285726","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":2104,"function_hash":"45645245674856503680503597858764898662"},"target":{"function":"s1ap_handle_enb_configuration_transfer","file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-3bcd11f2","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":9373,"function_hash":"263880516878342551121290369409123324105"},"target":{"function":"s1ap_handle_path_switch_request","file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-5172b8cc","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["163493002448127638706738527246051988451","139993526354131318861220751960803857190","226574431011839811089261613548361648943","29588649690773832154575303829907619623","20190736589695813494960316804559657177","337584229783577672288512712480269839978","14287525337120602669520305278451473240","388092551232027431464230820384668710","211820091600888543517190146399089339761","51780299467717151478186654311570031644","327279199936275949637360887631835813726","147708509840904846276994695531589284196","78434434529416294360434149949140372036","118699988896794387263870242582998761635","243456882055940807283299368150744216386","144696721930455710357016861641651611171","201196224004278425745215459422482065593","138089339271810427746083222926536300053","43551444491234057194211902577475018437","143357227756145048653423478135799772718","148514919928949622710197055407777923767","6982942358509838474024324639649147643","318362898782707665533089766206748219212"]},"target":{"file":"src/mme/s1ap-path.c"},"id":"CVE-2025-63288-5beb57dc","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Line"},{"digest":{"threshold":0.9,"line_hashes":["236197840605459413015189566481284251107","314075395521574179144758593487663299695","5320050796279618607789227841231681075","237802802163221112165783670886479683550","214896200790069871744751527530731819758","143591765357265518162881562833726819867","215015435059010450885984487568006194285","135958343748750974603074439659181921821","282007569900864761701713118029177062886","314717955403609355094609689541070619966","253735886990520290143909070063100868587","125131211089711640961115425040174490029","180506949562645424301171762585733791468","62040149438076239827893846256363987860","202647522834569270225404694328370254876","184894653438125483974566440794290325977","86173362460558247965218723369347177588","291097031325425533853846404799431624525","209140241299693679628721347162981727947","243466953462035284775368203674388737862","139701757350865324630339073333532332811","14655041580047317207619902113044511124","149973091303984401643282993265081329762","219889787832744869833933506952284864570","44741218116879908039997599399178744466","212155832451619748555504417413271623872","199770338735991525853076225681708687636","62040149438076239827893846256363987860","202647522834569270225404694328370254876","184894653438125483974566440794290325977","98207848546466049515608675746807364515","80247756674997287028967449009119303358","66497203345063891913249716567648732710","117803967765937527231256762727801532157","38807520420101739108848873309839432703","219889787832744869833933506952284864570","44741218116879908039997599399178744466","212155832451619748555504417413271623872","199770338735991525853076225681708687636","39704815397495438447646673724315551695","64361294765400344076413720249161250547","184894653438125483974566440794290325977","86173362460558247965218723369347177588","291097031325425533853846404799431624525","209140241299693679628721347162981727947","36404190259419918833922415983745638982","208805930107037878918314978547649493497","117693849770676897035690689645890289896","36404190259419918833922415983745638982","208805930107037878918314978547649493497","117693849770676897035690689645890289896","225898460220549929226547027989999499112","96474622136186339830736670209480740797","150407988600415380660984216776744140390","195856454237929724227683578885850251270","240288205070431404857720250567215751362","50785070712426162657465810437795361132","283590412444973403081180420675686110892","262670686468801924377666328517332544938","128263213640907814580675558983105936020","62040149438076239827893846256363987860","202647522834569270225404694328370254876","184894653438125483974566440794290325977","98207848546466049515608675746807364515","80247756674997287028967449009119303358","66497203345063891913249716567648732710","227001769780903195359720509599711867870","251917178924602555136135104688349999317","184894653438125483974566440794290325977","86173362460558247965218723369347177588","291097031325425533853846404799431624525","209140241299693679628721347162981727947","243466953462035284775368203674388737862","139701757350865324630339073333532332811","14655041580047317207619902113044511124","149973091303984401643282993265081329762","219889787832744869833933506952284864570","44741218116879908039997599399178744466","212155832451619748555504417413271623872","199770338735991525853076225681708687636","41148586967943790781921377799605706655","102853446132905717156648864874861715005","226990506128661476588230523114673547688","180450212848969847882855684303636109122","337062015532353316501517334065191161329","70154370758059825214204955653973085741","114106846932157775283712441141652473787","219049915297719347274168825394003994424","36404190259419918833922415983745638982","208805930107037878918314978547649493497","117693849770676897035690689645890289896","206090548527565539066207394552102618806","213537256421931236954787076018379862562","269141824182187215554194601638363232404","146454012209740862850430986197603109234","124870636260048500143655368792152048541","301855634357057126365318810395580406599","299815961900456693965362840224810578125","180659344508212979400846021802126652127","121905786144621660976298856095150147108","31569689266697331112749335063819781451","175458830337243570487580463804514894325","80825467325282846998036346729846014181","247773333085970613084994996593553205228","129096323588633155491167486694895386806","832586503911222196815363724521612306","227559106088655097187060838224673074694","170391597833808416376188768273288054183","195952615192393356601080038178902615002","184894653438125483974566440794290325977","163737762322413602244962595829005554797","138075329315002855996152112901840762560","152419935585521918037422537142111133848","61775968816021918362754630498726902347","272911539563392517011960538181455633662","219889787832744869833933506952284864570","225365790058999388502468596129623888687","287154863862983188534548763309716022264","221056833292242191930472561269799091889"]},"target":{"file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-5c2ae95e","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Line"},{"digest":{"length":5702,"function_hash":"330479624106795432851393409722790452943"},"target":{"function":"s1ap_handle_handover_notification","file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-72ef0b9e","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":6343,"function_hash":"10585691887195563516290795461568758726"},"target":{"function":"s1ap_handle_handover_request_ack","file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-80343339","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":3153,"function_hash":"70473576556573593381761063366828866769"},"target":{"function":"s1ap_handle_enb_configuration_update","file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-894592fc","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":5145,"function_hash":"260700067419300247779228577321645107785"},"target":{"function":"s1ap_handle_initial_ue_message","file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-a27882a2","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":4523,"function_hash":"294003789778784920020439190034781701205"},"target":{"function":"s1ap_handle_initial_context_setup_response","file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-a5c4fbef","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":5420,"function_hash":"11837417999391887578312342474045625997"},"target":{"function":"s1ap_handle_e_rab_setup_response","file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-ba2cd3da","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":619,"function_hash":"251862639708700853755668704038672549752"},"target":{"function":"s1ap_send_error_indication2","file":"src/mme/s1ap-path.c"},"id":"CVE-2025-63288-bade334c","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"threshold":0.9,"line_hashes":["211470162661014943347746013852961098069","335106675508412986203159499473050602139","109514224778747479142526927520476704514","270445599485425456611460333874771151085","181582390713230145448432133470119813781","189058039291762365598789767182710865017"]},"target":{"file":"src/amf/ngap-handler.c"},"id":"CVE-2025-63288-ca76af49","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Line"},{"digest":{"length":5235,"function_hash":"170996774481431907340625327575491863970"},"target":{"function":"s1ap_handle_uplink_nas_transport","file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-e1fac176","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"digest":{"length":2789,"function_hash":"325169157625548858484557032382866393608"},"target":{"function":"s1ap_handle_enb_direct_information_transfer","file":"src/mme/s1ap-handler.c"},"id":"CVE-2025-63288-fb30b98c","source":"https://github.com/open5gs/open5gs/commit/be765fe2b03e350836272eee5afb3931bdfb86d5","signature_version":"v1","deprecated":false,"signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-63288.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}