Denial of Service Vulnerability in Open5GS by Open5GS
CVE-2025-15417

4.8MEDIUM

Key Information:

Vendor

Open5GS

Status
Open5gs
Vendor
CVE Published:
1 January 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-15417?

A vulnerability exists in the Open5GS product that affects the GTPv2-C F-TEID Handler, specifically within the sgwc_s11_handle_create_session_request function. This flaw allows an attacker to manipulate the code in such a way that it could lead to a denial of service. The attack needs to be performed locally, and exploits for this vulnerability are publicly available. To address this issue, users are advised to apply the patch identified by commit 465273d13ba5d47b274c38c9d1b07f04859178a1, which contains the necessary corrections to mitigate the risk.

Affected Version(s)

Open5GS 2.7.0

Open5GS 2.7.1

Open5GS 2.7.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-15417 - Proof of Concept

References

https://vuldb.com/?id.339339
vdb-entrytechnical-description
https://vuldb.com/?ctiid.339339
signaturepermissions-required
https://vuldb.com/?submit.727616
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZiyuLin (VulDB User)
JSON
.