{"id":"CVE-2025-7485","details":"A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_recv_handler/s1ap_recv_handler/recv_handler of the component SCTP Partial Message Handler. The manipulation leads to reachable assertion. The attack needs to be approached locally. The patch is named cfa44575020f3fb045fd971358442053c8684d3d. It is recommended to apply a patch to fix this issue.","modified":"2026-04-12T22:13:22.515241Z","published":"2025-07-12T19:15:25.993Z","references":[{"type":"ADVISORY","url":"https://vuldb.com/?id.316135"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.610601"},{"type":"REPORT","url":"https://github.com/open5gs/open5gs/issues/3878#issuecomment-2853775136"},{"type":"REPORT","url":"https://github.com/open5gs/open5gs/issues/3878/"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.316135"},{"type":"FIX","url":"https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/open5gs/open5gs","events":[{"introduced":"0"},{"fixed":"d9d3abdd480be96fac3bc8a997e83446648763ca"},{"fixed":"cfa44575020f3fb045fd971358442053c8684d3d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.7.6"}]}}],"versions":["v0.1.0","v0.1.1","v0.2.0","v0.3.0","v0.3.1","v0.3.10","v0.3.2","v0.3.3","v0.3.4","v0.3.5","v0.3.6","v0.3.8","v0.4.1","v0.4.2","v0.4.3","v0.4.4","v0.5.0","v0.5.1","v0.5.2","v1.0.0","v1.1.0","v1.2.0","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.3.0","v2.0.0","v2.0.18","v2.0.22","v2.1.0","v2.1.1","v2.1.3","v2.1.4","v2.1.5","v2.1.7","v2.2.0","v2.2.1","v2.2.6","v2.2.7","v2.2.8","v2.2.9","v2.3.0","v2.3.2","v2.3.6","v2.4.0","v2.4.1","v2.4.3","v2.4.4","v2.4.5","v2.4.7","v2.4.8","v2.4.9","v2.6.1","v2.6.2","v2.6.3","v2.6.4","v2.6.6","v2.7.0","v2.7.1","v2.7.2","v2.7.5"],"database_specific":{"vanir_signatures":[{"deprecated":false,"digest":{"line_hashes":["236708272592195309345743116922401382139","266985117475815159505707893933304722731","50089631656990493252274030914149446915","145939175042328406979442792962645697583","275694616838224944812519996709679284904","296944962070419949781383728697935756945","300951675319205105486184956364112345092","247919910160056093084840417266823534548","274139416842450466711674564105015325135","176424166304258035335426614203991169186","48830185450102507716304780526768918560"],"threshold":0.9},"id":"CVE-2025-7485-03806c6e","target":{"file":"src/mme/s1ap-sctp.c"},"source":"https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d","signature_version":"v1","signature_type":"Line"},{"deprecated":false,"digest":{"length":3832,"function_hash":"42429509430925897440647909782092700125"},"id":"CVE-2025-7485-305cc250","target":{"function":"ngap_recv_handler","file":"src/amf/ngap-sctp.c"},"source":"https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"digest":{"length":3832,"function_hash":"124580004338984325936172407846941432463"},"id":"CVE-2025-7485-489334a9","target":{"function":"s1ap_recv_handler","file":"src/mme/s1ap-sctp.c"},"source":"https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"digest":{"length":3370,"function_hash":"13376800030624399981228641208836493922"},"id":"CVE-2025-7485-ad44bb83","target":{"function":"recv_handler","file":"src/mme/sgsap-sctp.c"},"source":"https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"digest":{"line_hashes":["121522754593288476372833759571128415432","266985117475815159505707893933304722731","50089631656990493252274030914149446915","145939175042328406979442792962645697583","275694616838224944812519996709679284904","296944962070419949781383728697935756945","300951675319205105486184956364112345092","247919910160056093084840417266823534548","274139416842450466711674564105015325135","176424166304258035335426614203991169186","48830185450102507716304780526768918560"],"threshold":0.9},"id":"CVE-2025-7485-d2b38aa5","target":{"file":"src/amf/ngap-sctp.c"},"source":"https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d","signature_version":"v1","signature_type":"Line"},{"deprecated":false,"digest":{"line_hashes":["251660031026403065568141688990912201703","266985117475815159505707893933304722731","50089631656990493252274030914149446915","145939175042328406979442792962645697583","275694616838224944812519996709679284904","296944962070419949781383728697935756945","300951675319205105486184956364112345092","247919910160056093084840417266823534548","274139416842450466711674564105015325135","176424166304258035335426614203991169186","48830185450102507716304780526768918560"],"threshold":0.9},"id":"CVE-2025-7485-ecd43a90","target":{"file":"src/mme/sgsap-sctp.c"},"source":"https://github.com/open5gs/open5gs/commit/cfa44575020f3fb045fd971358442053c8684d3d","signature_version":"v1","signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-7485.json","vanir_signatures_modified":"2026-04-12T22:13:22Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X"}]}