CVE-2025-66786: OAI CN5G AMF: unauthenticated JSON DoS on 5G SBI interface

Severity: HIGH. CISA SSVC decision: Track*
Published January 7, 2026
CISO Take

OpenAirInterface 5G Core AMF (v2.0.1 and below) has a logic flaw in its JSON parser on the Service-Based Interface (SBI) that lets any unauthenticated attacker on the network crash the function with a single malicious HTTP request: no credentials, no complexity, no user interaction required (CVSS 7.5, AV:N/AC:L/PR:N/UI:N). AMF is the 5G core's access control brain; taking it down disconnects all attached UEs, which matters directly to organizations running private 5G networks that carry AI edge inference traffic, IoT telemetry pipelines, or AI-enabled industrial workloads. While there is no public exploit and the vulnerability is not in CISA KEV, the trivially low attack complexity on a network-exposed API with 13,670 downstream dependents creates a meaningful exposure window. Operators should immediately restrict SBI interface reachability to trusted internal 5G core segments and monitor for anomalous JSON payloads until an official patch or workaround from the OpenAirInterface project is confirmed; the sole reference link in the advisory is currently broken.

Sources: NVD, ATLAS, OpenSSF

What is the risk?

Risk is HIGH for organizations operating private 5G deployments (telecom labs, enterprise 5G, research networks). Attack complexity is trivial: unauthenticated network access plus a crafted JSON payload is all that is required. Availability impact is total for connected devices — an AMF outage means all UEs lose network registration. The broken advisory reference makes patch availability unclear, extending the exposure window. For pure cloud AI workloads with no 5G dependency, risk is LOW. For 5G-connected AI edge deployments (manufacturing, healthcare, autonomous systems), risk is HIGH given the availability-only but operationally critical impact.

What systems are affected?

Package | Ecosystem | Vulnerable Range | Patched
oai-cn5g-amf | pip | | No patch

Package stats: 30.8K | OpenSSF 6.3 | 13.8K dependents | Pushed 6d ago | 0% patched

Do you use oai-cn5g-amf? You're affected.

Severity & Risk

CVSS 3.1: 7.5 / 10
EPSS: 0.2% chance of exploitation in 30 days (higher than 42% of all CVEs)
Exploitation Status: Exploit Available
Exploitation: MEDIUM
Sophistication: Trivial
Exploitation Confidence: medium
CISA SSVC: Public PoC
Composite signal derived from CISA KEV, CISA SSVC, EPSS, trickest/cve, and Nuclei templates.

Attack Surface

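Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High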

What should I do?

  1. Restrict AMF SBI interface (typically TCP 80/443) to authorized 5G core network segments via firewall or network policy — prevent any untrusted host from reaching it.

  2. Monitor for unrecognized or malformed JSON payloads on SBI endpoints using network IDS signatures targeting CWE-20 patterns.

  3. Apply the upstream patch from the OpenAirInterface project as soon as it is published; track the GitHub repository at open-air-interface/oai-cn5g-amf for releases beyond v2.0.1.

  4. If a patch is not yet available, consider deploying a WAF or API gateway in front of the SBI that enforces JSON schema validation and rejects malformed bodies.

  5. Establish out-of-band alerting for AMF process crashes to detect exploitation attempts in production.
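
One way to implement the body checks from step 4 at a gateway in front of the SBI, as an added example (not OpenAirInterface code and not taken from the advisory). The size and depth limits, the `application/json`-only allow-list and the object-only top level are assumptions; the advisory does not describe the triggering input, so this enforces general strictness rather than a signature for this CVE.

```python
import json

# Assumed limits for illustration; tune them to the SBI messages your core exchanges.
MAX_BODY_BYTES = 64 * 1024
MAX_DEPTH = 16
ALLOWED_TYPES = {"application/json"}

def _reject_constant(name):
    # json.loads accepts NaN and Infinity by default; strict JSON does not.
    raise ValueError(f"non-standard constant {name}")

def max_nesting(text):
    # Count bracket depth outside strings, before any parser touches the body.
    depth = peak = 0
    in_string = escaped = False
    for ch in text:
        if in_string:
            if escaped:
                escaped = False
            elif ch == "\\":
                escaped = True
            elif ch == '"':
                in_string = False
        elif ch == '"':
            in_string = True
        elif ch in "[{":
            depth += 1
            peak = max(peak, depth)
        elif ch in "]}":
            depth -= 1
    return peak

def check_sbi_body(content_type, body):
    """Return (http_status, reason); 200 means forward the request to the AMF."""
    media_type = (content_type or "").split(";")[0].strip().lower()
    if media_type not in ALLOWED_TYPES:
        return 415, "unsupported media type"
    if len(body) > MAX_BODY_BYTES:
        return 413, "body too large"
    try:
        text = body.decode("utf-8")
        if max_nesting(text) > MAX_DEPTH:
            return 400, "nesting too deep"
        doc = json.loads(text, parse_constant=_reject_constant)
    except ValueError as exc:  # covers UnicodeDecodeError and JSONDecodeError
        return 400, f"malformed JSON: {exc}"
    if not isinstance(doc, dict):  # assumption: request bodies are JSON objects
        return 400, "top-level value must be an object"
    return 200, "ok"
```

Per-endpoint schema validation would run after these checks on requests that return 200; log every rejection with source address so it also feeds the monitoring in step 2.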

CISA SSVC Assessment

Decision: Track*
Exploitation: poc
Automatable: Yes
Technical Impact: partial

Source: CISA Vulnrichment (SSVC v2.0). Decision based on the CISA Coordinator decision tree.

Classification

Compliance Impact

This CVE is relevant to:

EU AI Act: Art. 9 - Risk Management System
ISO 42001: A.6.5 - AI system operation; A.9.2 - AI System Availability and Resilience
NIST AI RMF: GOVERN-6.1 - Policies and procedures for AI risk management; MANAGE-2.4 - Residual Risks and Recovery
OWASP LLM Top 10: LLM10:2025 - Unbounded Consumption

Frequently Asked Questions

Is CVE-2025-66786 actively exploited?

No confirmed active exploitation of CVE-2025-66786 has been reported, but organizations should still patch proactively.

What systems are affected by CVE-2025-66786?

This vulnerability affects the following AI/ML architecture patterns: 5G edge AI deployments, AI-enabled IoT pipelines over private 5G, and model serving at the network edge.

What is the CVSS score for CVE-2025-66786?

CVE-2025-66786 has a CVSS v3.1 base score of 7.5 (HIGH). The EPSS exploitation probability is 0.20%.

Technical Details

NVD Description

OpenAirInterface CN5G AMF <= v2.0.1: there is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack.

Exploitation Scenario

An adversary with access to the same network segment as the 5G core (e.g., a compromised edge node, a rogue UE, or an insider on the management network) sends a single HTTP POST request to the AMF's SBI endpoint containing a crafted malicious JSON body that triggers the logic error. The AMF process crashes or enters an unresponsive state. All UEs attempting to register or that are currently registered lose network connectivity. In an AI edge deployment scenario — such as a smart factory running real-time defect detection on 5G-connected cameras — this outage halts all AI inference at the edge until the AMF is manually restarted, potentially creating a physical safety window with no AI monitoring active.

Weaknesses (CWE)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

Published: January 7, 2026
Last Modified: January 29, 2026
First Seen: January 7, 2026
