CVE-2025-26265: openairinterface5g: segfault enables DoS via crafted UE message

MEDIUM PoC AVAILABLE
Published March 27, 2025
CISO Take

A memory corruption flaw (CWE-119) in openairinterface5g v2.1.0 allows a network-adjacent attacker to crash the 5G RAN process by sending a maliciously crafted UE Context Modification response, resulting in a denial of service. Despite the CVSS User Interaction requirement — which in this protocol context reflects a handshake condition that occurs routinely in live networks rather than a human click — a public proof-of-concept from MobiCom 2025 ARCANE research lowers exploitation difficulty for any attacker with access to the control-plane interface. The package carries an OpenSSF Scorecard of 6.3/10 and five other CVEs, signaling systemic security debt. Organizations running AI workloads over private 5G or O-RAN infrastructure should patch immediately and restrict access to F1-C/NG-C control-plane interfaces to trusted segments.

Sources: NVD, OpenSSF, ATLAS

Risk Assessment

Medium risk in isolation, elevated for AI-enabled 5G deployments. The attack path is network-accessible with low complexity and no privileges required. The 'user interaction required' CVSS constraint reflects a protocol flow dependency — not a human action — making exploitation feasible for any attacker who can inject or relay a malformed UE Context Modification response. With a public PoC available via academic publication, weaponization is accessible to moderately skilled adversaries. Not in CISA KEV and EPSS is unavailable, but the published exploit and the 13,670 reported downstream dependents warrant elevated attention for research and edge AI deployments.

Affected Systems

Package              Ecosystem   Vulnerable Range   Patched
openairinterface5g   pip                            No patch

Package profile: 30.4K; OpenSSF Scorecard 6.3; 13.7K dependents; last pushed 3 days ago; 0% of dependents patched.


Severity & Risk

CVSS 3.1
6.5 / 10
EPSS
N/A
Exploitation Status
Exploit Available
Exploitation: MEDIUM
Sophistication
Moderate
Exploitation Confidence
medium
Public PoC indexed (trickest/cve)
Composite signal derived from CISA KEV, CISA SSVC, EPSS, trickest/cve, and Nuclei templates.

Recommended Action

  1. Patch to the latest openairinterface5g release that resolves this segfault.
  2. If immediate patching is not feasible, deploy protocol-level input validation at F1-AP/NGAP to drop malformed UE Context Modification responses before they reach the vulnerable process.
  3. Restrict network access to RAN control-plane interfaces (F1-C, NG-C) to trusted IP ranges only.
  4. Implement a process watchdog with automatic restart for the gNB/CU-CP component to minimize downtime from successful DoS attempts.
  5. Monitor for segmentation fault events and core dumps in openairinterface5g process logs as indicators of active exploitation.
  6. Review and address the five additional CVEs and the OpenSSF Scorecard deficiencies (6.3/10) to reduce the overall attack surface.
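As an added example (not from this advisory or the openairinterface5g project), the following detector implements steps 4 and 5 from the host's side: it scans constructed kernel and systemd journal lines for segfaults and core dumps of the gNB process, collapses the kernel and systemd records of the same crash into one event, and raises an alert only when several crashes land inside a short window, which is what repeated crafted-message DoS looks like as opposed to a one-off fault. The process name nr-softmodem and the unit name oai-gnb.service are assumptions.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Assumed names: OAI's gNB/CU binary is commonly run as nr-softmodem; the unit name is made up.
GNB_PROCESS = "nr-softmodem"
GNB_UNIT = "oai-gnb.service"
# Kernel fault-handler line (dmesg/journal) and systemd's exit-with-core-dump line.
KERNEL_SEGV = re.compile(r"^(?P<ts>\S+) \S+ kernel: (?P<proc>[\w.-]+)\[\d+\]: segfault at ")
SYSTEMD_DUMP = re.compile(r"^(?P<ts>\S+) \S+ systemd\[\d+\]: (?P<unit>[\w@.-]+): "
                          r"Main process exited, code=dumped, status=11/SEGV")

def parse_crash(line):
    """Return the timestamp if the line records a gNB segfault/core dump, else None."""
    m = KERNEL_SEGV.match(line)
    if m and m.group("proc") == GNB_PROCESS:
        return datetime.fromisoformat(m.group("ts"))
    m = SYSTEMD_DUMP.match(line)
    if m and m.group("unit") == GNB_UNIT:
        return datetime.fromisoformat(m.group("ts"))
    return None

def detect_crash_burst(lines, window=timedelta(minutes=5), threshold=3):
    """Count distinct gNB crashes; alert when `threshold` of them fall inside `window`.
    One segfault may be a plain bug; a burst is what repeated crafted messages look like."""
    recent, last_seen, crashes, alerts = deque(), None, 0, []
    for line in lines:
        ts = parse_crash(line)
        if ts is None:
            continue
        if last_seen and ts - last_seen < timedelta(seconds=5):
            continue  # same crash reported by both the kernel and systemd
        last_seen, crashes = ts, crashes + 1
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append(ts)
            recent.clear()  # one alert per burst
    return crashes, alerts

# Constructed sample lines in journalctl -o short-iso layout; not captured from a real system.
SAMPLE_LOG = """\
2025-03-27T10:00:01+00:00 cu1 kernel: nr-softmodem[4120]: segfault at 0 ip 000055d1c0a1b2c3 sp 00007ffd1e2f3a40 error 4 in nr-softmodem[55d1c0900000+2f0000]
2025-03-27T10:00:02+00:00 cu1 systemd[1]: oai-gnb.service: Main process exited, code=dumped, status=11/SEGV
2025-03-27T10:00:03+00:00 cu1 systemd[1]: oai-gnb.service: Scheduled restart job, restart counter is at 1.
2025-03-27T10:00:41+00:00 cu1 kernel: nr-softmodem[4188]: segfault at 0 ip 000055d1c0a1b2c3 sp 00007ffd1e2f3a40 error 4 in nr-softmodem[55d1c0900000+2f0000]
2025-03-27T10:01:20+00:00 cu1 kernel: nr-softmodem[4201]: segfault at 0 ip 000055d1c0a1b2c3 sp 00007ffd1e2f3a40 error 4 in nr-softmodem[55d1c0900000+2f0000]
2025-03-27T10:01:21+00:00 cu1 kernel: sshd[900]: segfault at 8 ip 00007f00deadbeef sp 00007ffc00000000 error 4 in sshd[7f00dead0000+1000]
""".splitlines()
```

Running `detect_crash_burst(SAMPLE_LOG)` on the constructed lines yields three distinct gNB crashes and one burst alert at the third crash; the sshd segfault and the restart-scheduled line are ignored.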

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act
Art. 15 - Accuracy, robustness and cybersecurity
ISO 42001
A.9.3 - Information security incident management for AI systems
NIST AI RMF
MANAGE-2.4 - AI System Availability and Resilience

Technical Details

NVD Description

A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE Context Modification response.

Exploitation Scenario

An adversary with access to the 5G RAN control plane — via a rogue UE device, a compromised small cell, or a man-in-the-middle position on the F1 interface — sends a specially crafted UE Context Modification response to the openairinterface5g gNB process. The malformed message triggers a boundary violation (CWE-119) causing a segmentation fault that crashes the process. In an AI/ML context, this could be timed to disrupt an edge inference cluster serving a critical application — autonomous vehicle coordination, factory robotics, or real-time anomaly detection — knocking all connected inference endpoints offline simultaneously. The publicly available ARCANE PoC from MobiCom 2025 provides a ready-made exploit template, requiring no deep protocol expertise to adapt.

Weaknesses (CWE)

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Timeline

Published
March 27, 2025
Last Modified
April 11, 2025
First Seen
March 27, 2025

Related Vulnerabilities