How to fix EUVD-2025-16763?

Within 30 days: Identify affected systems running Open5GS and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Is Open5gs affected by EUVD-2025-16763?

Organizations using Open5GS should be aware of moderate risk from CVE-2025-5520 rated CVSS 5.3. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available. A patch is available and should be applied during regular vulnerability management.

EUVD-2025-16763

| CVE-2025-5520 MEDIUM

2025-06-03 [email protected]

5.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 17:04 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 17:04 euvd

EUVD-2025-16763

Patch Released

Mar 14, 2026 - 17:04 nvd

Patch available

PoC Detected

Jun 09, 2025 - 15:13 vuln.today

Public exploit code

CVE Published

Jun 03, 2025 - 18:15 nvd

MEDIUM 5.3

Description

A vulnerability was found in Open5GS up to 2.7.3. It has been classified as problematic. Affected is the function gmm_state_authentication/emm_state_authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 9f5d133657850e6167231527514ee1364d37a884. It is recommended to apply a patch to fix this issue. This is a different issue than CVE-2025-1893.

Analysis

Technical Context

This vulnerability is classified as Reachable Assertion (CWE-617).

Affected Products

Affected products: Open5Gs Open5Gs

Remediation

A vendor patch is available. Apply it as soon as possible and verify the fix.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.2

CVSS: +26

POC: +20

Vendor Status

Debian

Bug #1094791

open5gs

Release	Status	Fixed Version	Urgency
	open	-	-

EUVD-2025-16763 vulnerability details – vuln.today

Back

EUVD-2025-16763

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Debian

Share

EUVD-2025-16763

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Debian

Share

External POC / Exploit Code