Security Advisory

CVE-2025-41068

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-27 12:47:57
Last updated 2025-10-29 10:28:05
Assigner INCIBE
State PUBLISHED

Description

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the process, leaving the discovery service unresponsive.