CVE-2025-26265: openairinterface5g: segfault enables DoS via crafted UE message

MEDIUM PoC AVAILABLE
Published March 27, 2025
CISO Take

A memory corruption flaw (CWE-119) in openairinterface5g v2.1.0 allows a network-adjacent attacker to crash the 5G RAN process by sending a maliciously crafted UE Context Modification response, resulting in a denial of service. Despite the CVSS User Interaction requirement — which in this protocol context reflects a handshake condition that occurs routinely in live networks rather than a human click — a public proof-of-concept from MobiCom 2025 ARCANE research lowers exploitation difficulty for any attacker with access to the control-plane interface. The package carries an OpenSSF Scorecard of 6.3/10 and five other CVEs, signaling systemic security debt. Organizations running AI workloads over private 5G or O-RAN infrastructure should patch immediately and restrict access to F1-C/NG-C control-plane interfaces to trusted segments.

Sources: NVD OpenSSF ATLAS

What is the risk?

Medium risk in isolation, elevated for AI-enabled 5G deployments. The attack path is network-accessible with low complexity and no privileges required. The 'user interaction required' CVSS constraint reflects a protocol flow dependency — not a human action — making exploitation feasible for any attacker who can inject or relay a malformed UE Context Modification response. With a public PoC available via academic publication, weaponization is accessible to moderately skilled adversaries. Not in CISA KEV and EPSS is unavailable, but the published exploit and the 13,670 reported downstream dependents warrant elevated attention for research and edge AI deployments.

What systems are affected?

Package Ecosystem Vulnerable Range Patched
OpenAI Python pip No patch
31.1K OpenSSF 6.9 17.3K dependents Pushed 13d ago 14% patched ~23d to patch Full package profile →

Do you use OpenAI Python? You're affected.

How severe is it?

CVSS 3.1
6.5 / 10
EPSS
0.4%
chance of exploitation in 30 days
Higher than 35% of all CVEs
Exploitation Status
Exploit Available
Exploitation: MEDIUM
Sophistication
Moderate
Exploitation Confidence
medium
Public PoC indexed (trickest/cve)
Composite signal derived from CISA KEV, VulnCheck KEV, CISA SSVC, EPSS, Metasploit, Exploit-DB, trickest/cve, Nuclei templates, and inthewild.io exploitation reports.

What is the attack surface?

AV AC PR UI S C I A
AV Network
AC Low
PR None
UI Required
S Unchanged
C None
I None
A High

What should I do?

6 steps
  1. Patch to the latest openairinterface5g release that resolves this segfault.

  2. If immediate patching is not feasible, deploy protocol-level input validation at F1-AP/NGAP to drop malformed UE Context Modification responses before they reach the vulnerable process.

  3. Restrict network access to RAN control-plane interfaces (F1-C, NG-C) to trusted IP ranges only.

  4. Implement process watchdog with automatic restart for the gNB/CU-CP component to minimize downtime from successful DoS attempts.

  5. Monitor for segmentation fault events and core dumps in openairinterface5g process logs as indicators of active exploitation.

  6. Review and address the additional 5 CVEs and OpenSSF Scorecard deficiencies (6.3/10) to reduce the overall attack surface.

What does CISA's SSVC say?

Decision Track
Exploitation none
Automatable No
Technical Impact partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

How is it classified?

Which compliance frameworks are affected?

This CVE is relevant to:

EU AI Act
Art. 15 - Accuracy, robustness and cybersecurity
ISO 42001
A.9.3 - Information security incident management for AI systems
NIST AI RMF
MANAGE-2.4 - AI System Availability and Resilience

Frequently Asked Questions

What is CVE-2025-26265?

A memory corruption flaw (CWE-119) in openairinterface5g v2.1.0 allows a network-adjacent attacker to crash the 5G RAN process by sending a maliciously crafted UE Context Modification response, resulting in a denial of service. Despite the CVSS User Interaction requirement — which in this protocol context reflects a handshake condition that occurs routinely in live networks rather than a human click — a public proof-of-concept from MobiCom 2025 ARCANE research lowers exploitation difficulty for any attacker with access to the control-plane interface. The package carries an OpenSSF Scorecard of 6.3/10 and five other CVEs, signaling systemic security debt. Organizations running AI workloads over private 5G or O-RAN infrastructure should patch immediately and restrict access to F1-C/NG-C control-plane interfaces to trusted segments.

Is CVE-2025-26265 actively exploited?

Proof-of-concept exploit code is publicly available for CVE-2025-26265, increasing the risk of exploitation.

How to fix CVE-2025-26265?

1. Patch to the latest openairinterface5g release that resolves this segfault. 2. If immediate patching is not feasible, deploy protocol-level input validation at F1-AP/NGAP to drop malformed UE Context Modification responses before they reach the vulnerable process. 3. Restrict network access to RAN control-plane interfaces (F1-C, NG-C) to trusted IP ranges only. 4. Implement process watchdog with automatic restart for the gNB/CU-CP component to minimize downtime from successful DoS attempts. 5. Monitor for segmentation fault events and core dumps in openairinterface5g process logs as indicators of active exploitation. 6. Review and address the additional 5 CVEs and OpenSSF Scorecard deficiencies (6.3/10) to reduce the overall attack surface.

What systems are affected by CVE-2025-26265?

This vulnerability affects the following AI/ML architecture patterns: 5G/O-RAN infrastructure hosting AI workloads, Edge AI inference deployments over private 5G, Federated learning nodes on 5G networks, AI-enabled autonomous and robotics systems using 5G connectivity.

What is the CVSS score for CVE-2025-26265?

CVE-2025-26265 has a CVSS v3.1 base score of 6.5 (MEDIUM). The EPSS exploitation probability is 0.44%.

What is the AI security impact?

Affected AI Architectures

5G/O-RAN infrastructure hosting AI workloadsEdge AI inference deployments over private 5GFederated learning nodes on 5G networksAI-enabled autonomous and robotics systems using 5G connectivity

MITRE ATLAS Techniques

AML.T0029 Denial of AI Service
AML.T0049 Exploit Public-Facing Application

Compliance Controls Affected

EU AI Act: Art. 15
ISO 42001: A.9.3
NIST AI RMF: MANAGE-2.4

What are the technical details?

Original Advisory

A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE Context Modification response.

Exploitation Scenario

An adversary with access to the 5G RAN control plane — via a rogue UE device, a compromised small cell, or a man-in-the-middle position on the F1 interface — sends a specially crafted UE Context Modification response to the openairinterface5g gNB process. The malformed message triggers a boundary violation (CWE-119) causing a segmentation fault that crashes the process. In an AI/ML context, this could be timed to disrupt an edge inference cluster serving a critical application — autonomous vehicle coordination, factory robotics, or real-time anomaly detection — knocking all connected inference endpoints offline simultaneously. The publicly available ARCANE PoC from MobiCom 2025 provides a ready-made exploit template, requiring no deep protocol expertise to adapt.

Weaknesses (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer: The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

  • [Requirements] Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer. Be wary that a language's interface to native code may still be subject to overflows, even if the language itself is theoretically safe.
  • [Architecture and Design] Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.

Source: MITRE CWE corpus.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Timeline

Published
March 27, 2025
Last Modified
April 11, 2025
First Seen
March 27, 2025

Related Vulnerabilities