What is the CVSS score of CVE-2025-5520?

CVE-2025-5520 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.2%.

Which versions of Open5gs are affected by CVE-2025-5520?

Organizations using Open5GS should be aware of moderate risk from CVE-2025-5520 rated CVSS 5.3. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2025-5520?

Yes, a public proof-of-concept exploit is available for CVE-2025-5520. Prioritise patching immediately. EPSS: 0.2%.

How to fix or mitigate CVE-2025-5520?

Within 30 days: Identify affected systems running Open5GS and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Open5gs CVE-2025-5520

EUVD-2025-16763 MEDIUM

Reachable Assertion (CWE-617)

2025-06-03 cna@vuldb.com

Denial Of Service Debian Open5gs

5.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.3 MEDIUM

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16763

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

Patch released

Mar 14, 2026 - 17:04 nvd

Patch available

PoC Detected

Jun 09, 2025 - 15:13 vuln.today

Public exploit code

CVE Published

Jun 03, 2025 - 18:15 nvd

MEDIUM 5.3

DescriptionCVE.org

A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 9f5d133657850e6167231527514ee1364d37a884. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893.

Analysis

Technical ContextAI

This vulnerability is classified as Reachable Assertion (CWE-617).

RemediationAI

A vendor patch is available. Apply it as soon as possible and verify the fix.

Vendor StatusVendor

Debian

Bug #1094791

open5gs

Release	Status	Fixed Version	Urgency
	open	-	-

CVE-2025-5520 vulnerability details – vuln.today

Back

Open5gs CVE-2025-5520

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Vendor StatusVendor

Debian

Share

External POC / Exploit Code