
FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this …

Published: 31 May 2026 at 22:00:00

Alert date: 1 June 2026 at 22:04:03

Source: nvd.nist.gov


Network Infrastructure, Critical Infrastructure

FlexRIC v2.0.0 contains a denial of service vulnerability where malformed E42_RIC_SUBSCRIPTION_REQUEST messages with empty ricEventTriggerDefinition fields can crash the iApp process. The vulnerability stems from a cross-layer validation mismatch between the E42 decoder and E2AP encoder. Remote unauthenticated attackers can exploit this flaw to cause SIGABRT crashes on port 36422. This affects the FlexRIC framework used in O-RAN telecommunications infrastructure. The issue represents a critical availability impact for network operations.
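The validation mismatch described above, modeled as an added C example (not FlexRIC source code and not taken from the advisory). All type names, function names and the toy message framing are assumptions; the example shows a decoder that accepts an empty event trigger, the invariant a downstream encoder would assert on, and a decoder that rejects the message at the network boundary instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for illustration; not FlexRIC's real types or names. */
typedef struct { const uint8_t *buf; size_t len; } byte_array_t;
typedef struct {
    uint16_t ran_func_id;
    byte_array_t event_trigger;      /* models ricEventTriggerDefinition */
} sub_req_t;

enum { SUB_OK = 0, SUB_ERR_TRUNCATED = -1, SUB_ERR_EMPTY_TRIGGER = -2 };

/* Invariant the downstream encoder depends on. When an encoder enforces this
 * with assert(), a violating message aborts the whole process (SIGABRT). */
static int encoder_precondition_holds(const sub_req_t *sr) {
    return sr->event_trigger.buf != NULL && sr->event_trigger.len > 0;
}

/* Constructed toy framing: [ran_func_id:2][trigger_len:2][trigger bytes].
 * Checks framing only, so a zero-length trigger is accepted. */
static int decode_permissive(const uint8_t *msg, size_t n, sub_req_t *out) {
    if (n < 4) return SUB_ERR_TRUNCATED;
    size_t tlen = ((size_t)msg[2] << 8) | msg[3];
    if (n - 4 < tlen) return SUB_ERR_TRUNCATED;
    out->ran_func_id = (uint16_t)((msg[0] << 8) | msg[1]);
    out->event_trigger.buf = tlen ? msg + 4 : NULL;
    out->event_trigger.len = tlen;
    return SUB_OK;
}

/* Hardened decoder: enforces the encoder's invariant at the network boundary
 * and returns an error code instead of letting the request reach an assert. */
static int decode_strict(const uint8_t *msg, size_t n, sub_req_t *out) {
    int rc = decode_permissive(msg, n, out);
    if (rc != SUB_OK) return rc;
    return encoder_precondition_holds(out) ? SUB_OK : SUB_ERR_EMPTY_TRIGGER;
}

int main(void) {
    const uint8_t empty_trigger[] = {0x00, 0x01, 0x00, 0x00}; /* constructed sample */
    sub_req_t sr;
    int rc = decode_permissive(empty_trigger, sizeof empty_trigger, &sr);
    printf("permissive: rc=%d, encoder precondition holds=%d\n",
           rc, encoder_precondition_holds(&sr));
    printf("strict:     rc=%d\n",
           decode_strict(empty_trigger, sizeof empty_trigger, &sr));
    return 0;
}
```

The same principle applies to any layered protocol stack: every invariant a later layer asserts on should be checked, with a recoverable error path, where untrusted input is first decoded.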

Technical details

Mitigation steps:

Affected products:

FlexRIC

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
