What is the CVSS score of EUVD-2025-16728?

EUVD-2025-16728 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.3%.

Which versions of Open5gs are affected by EUVD-2025-16728?

Organizations using Open5GS should be aware of moderate risk from CVE-2025-5501 rated CVSS 5.3. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for EUVD-2025-16728?

Yes, a public proof-of-concept exploit is available for EUVD-2025-16728. Prioritise patching immediately. EPSS: 0.3%.

How to fix or mitigate EUVD-2025-16728?

Within 30 days: Identify affected systems running Open5GS and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Open5gs EUVD-2025-16728

| CVE-2025-5501 MEDIUM

Reachable Assertion (CWE-617)

2025-06-03 cna@vuldb.com

Denial Of Service Debian Open5gs

5.3

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

5.3 MEDIUM

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16728

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

Patch released

Mar 14, 2026 - 17:04 nvd

Patch available

PoC Detected

Jun 13, 2025 - 19:36 vuln.today

Public exploit code

CVE Published

Jun 03, 2025 - 14:15 nvd

MEDIUM 5.3

DescriptionCVE.org

A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue.

Analysis

Technical ContextAI

This vulnerability is classified as Reachable Assertion (CWE-617).

RemediationAI

A vendor patch is available. Apply it as soon as possible and verify the fix.

Vendor StatusVendor

Debian

Bug #1094791

open5gs

Release	Status	Fixed Version	Urgency
	open	-	-

EUVD-2025-16728 vulnerability details – vuln.today

Back

Open5gs EUVD-2025-16728

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Vendor StatusVendor

Debian

Share

External POC / Exploit Code