CVE-2025-15176: Reachable Assertion in Open5GS
A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Executing manipulation can lead to reachable assertion. It is possible to launch the attack remotely. The exploit has been published and may be used. This patch is called b72d8349980076e2c033c8324f07747a86eea4f8. Applying a patch is advised to resolve this issue.
CVE-2025-15176: Reachable Assertion in Open5GS
Description
A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Executing manipulation can lead to reachable assertion. It is possible to launch the attack remotely. The exploit has been published and may be used. This patch is called b72d8349980076e2c033c8324f07747a86eea4f8. Applying a patch is advised to resolve this issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-12-28T08:25:27.283Z
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 695220d8fd294cd93b70cdba
Added to database: 12/29/2025, 6:34:00 AM
Last updated: 12/29/2025, 7:37:06 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
CVE-2025-15228: CWE-434 Unrestricted Upload of File with Dangerous Type in WELLTEND TECHNOLOGY BPMFlowWebkit
CriticalCVE-2025-15227: CWE-36 Absolute Path Traversal in WELLTEND TECHNOLOGY BPMFlowWebkit
HighCVE-2025-15226: CWE-434 Unrestricted Upload of File with Dangerous Type in Sunnet WMPro
CriticalCVE-2025-15225: CWE-23 Relative Path Traversal in Sunnet WMPro
HighCVE-2025-15175: Cross Site Scripting in SohuTV CacheCloud
MediumActions
Need more coverage?
Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.