CVE-2025-26265: openairinterface5g: segfault enables DoS via crafted UE message
MEDIUM PoC AVAILABLEA memory corruption flaw (CWE-119) in openairinterface5g v2.1.0 allows a network-adjacent attacker to crash the 5G RAN process by sending a maliciously crafted UE Context Modification response, resulting in a denial of service. Despite the CVSS User Interaction requirement — which in this protocol context reflects a handshake condition that occurs routinely in live networks rather than a human click — a public proof-of-concept from MobiCom 2025 ARCANE research lowers exploitation difficulty for any attacker with access to the control-plane interface. The package carries an OpenSSF Scorecard of 6.3/10 and five other CVEs, signaling systemic security debt. Organizations running AI workloads over private 5G or O-RAN infrastructure should patch immediately and restrict access to F1-C/NG-C control-plane interfaces to trusted segments.
What is the risk?
Medium risk in isolation, elevated for AI-enabled 5G deployments. The attack path is network-accessible with low complexity and no privileges required. The 'user interaction required' CVSS constraint reflects a protocol flow dependency — not a human action — making exploitation feasible for any attacker who can inject or relay a malformed UE Context Modification response. With a public PoC available via academic publication, weaponization is accessible to moderately skilled adversaries. Not in CISA KEV and EPSS is unavailable, but the published exploit and the 13,670 reported downstream dependents warrant elevated attention for research and edge AI deployments.
What systems are affected?
| Package | Ecosystem | Vulnerable Range | Patched |
|---|---|---|---|
| OpenAI Python | pip | — | No patch |
Do you use OpenAI Python? You're affected.
How severe is it?
What is the attack surface?
What should I do?
6 steps-
Patch to the latest openairinterface5g release that resolves this segfault.
-
If immediate patching is not feasible, deploy protocol-level input validation at F1-AP/NGAP to drop malformed UE Context Modification responses before they reach the vulnerable process.
-
Restrict network access to RAN control-plane interfaces (F1-C, NG-C) to trusted IP ranges only.
-
Implement process watchdog with automatic restart for the gNB/CU-CP component to minimize downtime from successful DoS attempts.
-
Monitor for segmentation fault events and core dumps in openairinterface5g process logs as indicators of active exploitation.
-
Review and address the additional 5 CVEs and OpenSSF Scorecard deficiencies (6.3/10) to reduce the overall attack surface.
What does CISA's SSVC say?
Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.
How is it classified?
Which compliance frameworks are affected?
This CVE is relevant to:
Frequently Asked Questions
What is CVE-2025-26265?
A memory corruption flaw (CWE-119) in openairinterface5g v2.1.0 allows a network-adjacent attacker to crash the 5G RAN process by sending a maliciously crafted UE Context Modification response, resulting in a denial of service. Despite the CVSS User Interaction requirement — which in this protocol context reflects a handshake condition that occurs routinely in live networks rather than a human click — a public proof-of-concept from MobiCom 2025 ARCANE research lowers exploitation difficulty for any attacker with access to the control-plane interface. The package carries an OpenSSF Scorecard of 6.3/10 and five other CVEs, signaling systemic security debt. Organizations running AI workloads over private 5G or O-RAN infrastructure should patch immediately and restrict access to F1-C/NG-C control-plane interfaces to trusted segments.
Is CVE-2025-26265 actively exploited?
Proof-of-concept exploit code is publicly available for CVE-2025-26265, increasing the risk of exploitation.
How to fix CVE-2025-26265?
1. Patch to the latest openairinterface5g release that resolves this segfault. 2. If immediate patching is not feasible, deploy protocol-level input validation at F1-AP/NGAP to drop malformed UE Context Modification responses before they reach the vulnerable process. 3. Restrict network access to RAN control-plane interfaces (F1-C, NG-C) to trusted IP ranges only. 4. Implement process watchdog with automatic restart for the gNB/CU-CP component to minimize downtime from successful DoS attempts. 5. Monitor for segmentation fault events and core dumps in openairinterface5g process logs as indicators of active exploitation. 6. Review and address the additional 5 CVEs and OpenSSF Scorecard deficiencies (6.3/10) to reduce the overall attack surface.
What systems are affected by CVE-2025-26265?
This vulnerability affects the following AI/ML architecture patterns: 5G/O-RAN infrastructure hosting AI workloads, Edge AI inference deployments over private 5G, Federated learning nodes on 5G networks, AI-enabled autonomous and robotics systems using 5G connectivity.
What is the CVSS score for CVE-2025-26265?
CVE-2025-26265 has a CVSS v3.1 base score of 6.5 (MEDIUM). The EPSS exploitation probability is 0.44%.
What is the AI security impact?
Affected AI Architectures
MITRE ATLAS Techniques
AML.T0029 Denial of AI Service AML.T0049 Exploit Public-Facing Application Compliance Controls Affected
What are the technical details?
Original Advisory
A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE Context Modification response.
Exploitation Scenario
An adversary with access to the 5G RAN control plane — via a rogue UE device, a compromised small cell, or a man-in-the-middle position on the F1 interface — sends a specially crafted UE Context Modification response to the openairinterface5g gNB process. The malformed message triggers a boundary violation (CWE-119) causing a segmentation fault that crashes the process. In an AI/ML context, this could be timed to disrupt an edge inference cluster serving a critical application — autonomous vehicle coordination, factory robotics, or real-time anomaly detection — knocking all connected inference endpoints offline simultaneously. The publicly available ARCANE PoC from MobiCom 2025 provides a ready-made exploit template, requiring no deep protocol expertise to adapt.
Weaknesses (CWE)
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer: The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
- [Requirements] Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer. Be wary that a language's interface to native code may still be subject to overflows, even if the language itself is theoretically safe.
- [Architecture and Design] Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Source: MITRE CWE corpus.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H References
- anonymous.4open.science/r/Mobicom-ARCANE-36B7/README.md Exploit
- gitlab.eurecom.fr/oai/openairinterface5g Product
- sigmobile.org/mobicom/2025/ Not Applicable
Timeline
Related Vulnerabilities
CVE-2025-53767 10.0 Azure OpenAI: SSRF EoP, no auth required (CVSS 10)
Same package: openai CVE-2023-3686 9.8 QuickAI: unauthenticated SQLi exposes OpenAI API keys
Same package: openai CVE-2025-65805 7.5 OAI CN5G AMF: Unauthenticated buffer overflow, RCE/DoS
Same package: openai CVE-2025-66786 7.5 OAI CN5G AMF: unauthenticated JSON DoS on 5G SBI interface
Same package: openai CVE-2025-7021 6.5 OpenAI Operator: fullscreen spoofing captures credentials
Same package: openai