How severe is CVE-2025-1925?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2025-1925?

This is classified as CWE-404, which is a common weakness in software security.

CVE-2025-1925 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

A vulnerability classified as problematic was found in Open5GS up to 2.7.2. Affected by this vulnerability is the function amf_nsmf_pdusession_handle_update_sm_context of the file src/amf/nsmf-handler.c of the component AMF. The manipulation leads to denial of service. The attack can be launched remotely. This vulnerability allows a single UE to crash the AMF, resulting in the complete loss of mobility and session management services and causing a network-wide outage. All registered UEs will lose connectivity, and new registrations will be blocked until the AMF is restarted, leading to a high availability impact. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue.

Related Vulnerabilities

CVE-2017-18898

MEDIUM

CVSS:5.3(Medium)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.

CWE-4042017

CVE-2018-8836

MEDIUM

CVSS:5.3(Medium)

Wago 750 Series PLCs with firmware version 10 and prior include a remote attack may take advantage of an improper implementation of the 3 way handshake during a TCP connection affecting the communicat...

CWE-4042018

CVE-2020-12439

MEDIUM

CVSS:5.3(Medium)

Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain.

CWE-4042020

CVE-2020-27283

MEDIUM

CVSS:5.3(Medium)

An attacker could send a specially crafted message to Crimson 3.1 (Build versions prior to 3119.001) that could leak arbitrary memory locations.

CWE-4042020

CVE-2020-28327

MEDIUM

CVSS:5.3(Medium)

A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1. and Certified Asterisk before 16.8-cert5. Upon re...

CWE-4042020

CVE-2021-21003

MEDIUM

CVSS:5.3(Medium)

In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. The switching functionality of the de...

CWE-4042021