CVE-2025-66786: OAI CN5G AMF: unauthenticated JSON DoS on 5G SBI interface

HIGH

Published January 7, 2026

CISO Take

OpenAirInterface 5G Core AMF (v2.0.1 and below) has a logic flaw in its JSON parser on the Service-Based Interface (SBI) that lets any unauthenticated attacker on the network crash the function with a single malicious HTTP request — no credentials, no complexity, no user interaction required (CVSS 7.5, AV:N/AC:L/PR:N/UI:N). AMF is the 5G core's access control brain; taking it down disconnects all attached UEs, which matters directly to organizations running private 5G networks that carry AI edge inference traffic, IoT telemetry pipelines, or AI-enabled industrial workloads. While there is no public exploit and the vulnerability is not in CISA KEV, the trivially-low attack complexity on a network-exposed API with 13,670 downstream dependents is a meaningful exposure window. Operators should immediately restrict SBI interface reachability to trusted internal 5G core segments and monitor for anomalous JSON payloads until an official patch or workaround from the OpenAirInterface project is confirmed — the sole reference link in the advisory is currently broken.

Sources: NVD ATLAS OpenSSF

Risk Assessment

Risk is HIGH for organizations operating private 5G deployments (telecom labs, enterprise 5G, research networks). Attack complexity is trivial: unauthenticated network access plus a crafted JSON payload is all that is required. Availability impact is total for connected devices — an AMF outage means all UEs lose network registration. The broken advisory reference makes patch availability unclear, extending the exposure window. For pure cloud AI workloads with no 5G dependency, risk is LOW. For 5G-connected AI edge deployments (manufacturing, healthcare, autonomous systems), risk is HIGH given the availability-only but operationally critical impact.

Affected Systems

Package	Ecosystem	Vulnerable Range	Patched
oai-cn5g-amf	pip	—	No patch
30.4K OpenSSF 6.3 13.7K dependents Pushed 3d ago 0% patched Full package profile →

Do you use oai-cn5g-amf? You're affected.

Severity & Risk

CVSS 3.1

7.5 / 10

EPSS

N/A

Exploitation Status

No known exploitation

Sophistication

Trivial

Recommended Action

Restrict AMF SBI interface (typically TCP 80/443) to authorized 5G core network segments via firewall or network policy — prevent any untrusted host from reaching it.
Monitor for unrecognized or malformed JSON payloads on SBI endpoints using network IDS signatures targeting CWE-20 patterns.
Apply the upstream patch from the OpenAirInterface project as soon as it is published; track the GitHub repository at open-air-interface/oai-cn5g-amf for releases beyond v2.0.1.
If a patch is not yet available, consider deploying a WAF or API gateway in front of the SBI that enforces JSON schema validation and rejects malformed bodies.
Establish out-of-band alerting for AMF process crashes to detect exploitation attempts in production.

Classification

DoS API Inference AML.T0006 - Active Scanning AML.T0029 - Denial of AI Service AML.T0049 - Exploit Public-Facing Application

Compliance Impact

This CVE is relevant to:

EU AI Act

Art. 9 - Risk Management System Article 9 - Risk management system

ISO 42001

A.6.5 - AI system operation A.9.2 - AI System Availability and Resilience

NIST AI RMF

GOVERN-6.1 - Policies and procedures for AI risk management MANAGE-2.4 - Residual Risks and Recovery

OWASP LLM Top 10

LLM10:2025 - Unbounded Consumption

Technical Details

NVD Description

OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack.

Exploitation Scenario

An adversary with access to the same network segment as the 5G core (e.g., a compromised edge node, a rogue UE, or an insider on the management network) sends a single HTTP POST request to the AMF's SBI endpoint containing a crafted malicious JSON body that triggers the logic error. The AMF process crashes or enters an unresponsive state. All UEs attempting to register or that are currently registered lose network connectivity. In an AI edge deployment scenario — such as a smart factory running real-time defect detection on 5G-connected cameras — this outage halts all AI inference at the edge until the AMF is manually restarted, potentially creating a physical safety window with no AI monitoring active.