Uncovering Threats and Exposing Vulnerabilities in Next-Gen Cellular RAN

Black Hat USA 2025 · Day 1 · Briefings

Penn State University researchers Tianchang and Kai discovered 26 vulnerabilities (22 of which received CVE assignments) across leading open-source and commercial Open RAN (O-RAN) implementations, including the O-RAN Software Community reference RIC, SD-RAN, and OpenAirInterface disaggregated RAN nodes. Their end-to-end fuzzing framework, delivered via the standardized E2 interface, enabled a malicious user device or compromised RAN node to crash the Central Unit (CU) or the E2 Termination (E2T) message router, knocking all connected users off the network in demonstrated live attacks.

AI review

Penn State PhD students found 26 vulnerabilities across O-RAN critical infrastructure and built a fuzzing framework that works across implementations without per-target harnesses. The E2T single-point-of-failure crash demo against running 5G infrastructure is the kind of result that should be in every 5G standards committee inbox.
