CVE-2025-15417

low-risk
Published 2026-01-01

A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack must be carried out locally. The exploit is publicly available and might be used. The name of the patch is 465273d13ba5d47b274c38c9d1b07f04859178a1. A patch should be applied to remediate this issue.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (1)

Affected Vendors

Open5Gs

References (9)

https://github.com/open5gs/open5gs/
Patch https://github.com/open5gs/open5gs/commit/465273d13ba5d47b274c38c9d1b07f04859178...
Exploit https://github.com/open5gs/open5gs/issues/4203
Exploit https://github.com/open5gs/open5gs/issues/4203#issue-3719257558
Exploit https://github.com/open5gs/open5gs/issues/4203#issuecomment-3681643498
Permissions Required https://vuldb.com/?ctiid.339339
Third Party Advisory https://vuldb.com/?id.339339
Third Party Advisory https://vuldb.com/?submit.727616
Exploit https://github.com/open5gs/open5gs/issues/4203#issue-3719257558
18
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal