CVE-2025-66786

Published: Jan 7, 2026Modified: Jan 29, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

OpenAirInterface CN5G AMF<=v2.0.1 There is a logical error when processing JSON format requests. Unauthorized remote attackers can send malicious JSON data to AMF's SBI interface to launch a denial-of-service attack.

Affected (1)

Products: Openairinterface: Oai Cn5g Amf

Openairinterface

1 product

Oai Cn5g Amf

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Openairinterface Oai Cn5g Amf	Up to 2.0.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://github.com/swallele/Vulnerability/blob/main/Openairinterface/Dos/Json_Dos.md

Source: cve@mitre.org

Broken Link

Timeline

No history available yet.