CVE-2025-15176: Reachable Assertion in Open5GS
A flaw has been found in Open5GS up to 2.7.5. It affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet in the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Manipulating the input can lead to a reachable assertion. The attack can be launched remotely. The exploit has been published and may be used. The patch is identified by commit b72d8349980076e2c033c8324f07747a86eea4f8. Applying the patch is advised to resolve this issue.
AI Analysis
Technical Summary
CVE-2025-15176 is a vulnerability identified in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw resides in the PFCP (Packet Forwarding Control Protocol) Session Establishment Request Handler, specifically in the functions decode_ipv6_header and ogs_pfcp_pdr_rule_find_by_packet within the source file lib/pfcp/rule-match.c. These functions are responsible for processing IPv6 headers and matching PFCP Packet Detection Rules (PDRs) against incoming packets. Due to improper handling of crafted packets, an attacker can trigger a reachable assertion: a programmatic check that, when it fails, causes the application to abort or crash. The result is a denial-of-service condition in which the Open5GS PFCP handler crashes. The vulnerability can be exploited remotely over the network without any authentication or user interaction, making it accessible to unauthenticated attackers. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and low impact on availability (VA:L) with no impact on confidentiality or integrity. Although no confirmed exploits in the wild have been reported, a public exploit has been published, increasing the risk of exploitation. The patch identified by commit b72d8349980076e2c033c8324f07747a86eea4f8 addresses this issue and should be applied promptly. This vulnerability affects Open5GS versions 2.7.0 through 2.7.5, which are commonly deployed in 5G core networks, particularly in research, testing, and some production environments that rely on open-source 5G core implementations.
Potential Impact
The primary impact of CVE-2025-15176 is denial of service against Open5GS 5G core network components handling PFCP session establishment. Successful exploitation can cause the PFCP handler to crash, disrupting the control plane communications between the control and user plane functions in the 5G core. This disruption can lead to dropped sessions, degraded network performance, and potential outages for mobile subscribers relying on affected infrastructure. Given the critical role of Open5GS in 5G core networks, such outages can affect telecommunication service providers, enterprises deploying private 5G networks, and research institutions. The vulnerability does not directly compromise confidentiality or integrity but can degrade availability, impacting end-user connectivity and service reliability. The ease of remote exploitation without authentication increases the risk, especially in environments where Open5GS is exposed to untrusted networks. The availability of a public exploit further raises the likelihood of attacks, potentially leading to targeted denial of service campaigns against vulnerable 5G networks.
Mitigation Recommendations
To mitigate CVE-2025-15176, organizations should immediately apply the official patch identified by commit b72d8349980076e2c033c8324f07747a86eea4f8 to all affected Open5GS instances running versions 2.7.0 through 2.7.5. Network administrators should restrict access to PFCP ports (typically UDP 8805) using firewall rules to limit exposure to trusted network segments only. Implement network segmentation to isolate 5G core components from untrusted networks and monitor PFCP traffic for anomalies or malformed packets indicative of exploitation attempts. Employ intrusion detection/prevention systems (IDS/IPS) with signatures or heuristics targeting malformed PFCP session establishment requests. Regularly update Open5GS to newer versions beyond 2.7.5 where this vulnerability is fixed. Additionally, conduct thorough testing in staging environments before deploying patches to production to avoid service disruptions. Maintain incident response plans to quickly address potential denial of service incidents affecting 5G core infrastructure.
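An added example (not from the advisory or from Open5GS) of the monitoring step above: a triage function for datagrams captured on UDP 8805 that checks the PFCP header for structural consistency and flags senders outside an allowlist. The allowlist network and the sample packets are constructed, and the checks are generic header sanity checks, not a signature for this CVE's specific trigger, which the advisory does not describe.

```python
import ipaddress
import struct

PFCP_SESSION_ESTABLISHMENT_REQUEST = 50  # message type per 3GPP TS 29.244
# Assumption: addresses allowed to send PFCP to this node (constructed value).
TRUSTED_N4_PEERS = [ipaddress.ip_network("10.10.4.0/29")]

# Constructed samples: header-only Session Establishment Requests
# (version 1, S flag set, SEID 0, sequence number 1, no IEs).
GOOD = struct.pack("!BBHQ", 0x21, 50, 12, 0) + b"\x00\x00\x01\x00"
BAD_LEN = struct.pack("!BBHQ", 0x21, 50, 400, 0) + b"\x00\x00\x01\x00"


def parse_pfcp_header(payload: bytes) -> dict:
    """Parse the fixed PFCP header; raise ValueError on structural problems."""
    if len(payload) < 8:
        raise ValueError("shorter than the minimum PFCP header")
    flags, msg_type, length = struct.unpack("!BBH", payload[:4])
    version, has_seid = flags >> 5, bool(flags & 0x01)
    if version != 1:
        raise ValueError(f"unexpected PFCP version {version}")
    # Message Length counts every octet after the first four.
    if length != len(payload) - 4:
        raise ValueError("length field does not match UDP payload size")
    if has_seid and len(payload) < 16:
        raise ValueError("S flag set but header too short for a SEID")
    return {"type": msg_type, "has_seid": has_seid, "length": length}


def triage(src_ip: str, payload: bytes) -> str:
    """Classify one UDP/8805 datagram: 'ok', 'untrusted-peer' or 'malformed'."""
    try:
        hdr = parse_pfcp_header(payload)
    except ValueError:
        return "malformed"
    # Session-related messages always carry a SEID in the header.
    if hdr["type"] == PFCP_SESSION_ESTABLISHMENT_REQUEST and not hdr["has_seid"]:
        return "malformed"
    addr = ipaddress.ip_address(src_ip)
    trusted = any(addr in net for net in TRUSTED_N4_PEERS)
    return "ok" if trusted else "untrusted-peer"


if __name__ == "__main__":
    for src, pkt in [("10.10.4.2", GOOD), ("203.0.113.7", GOOD), ("10.10.4.2", BAD_LEN)]:
        print(src, triage(src, pkt))
```

A well-formed Session Establishment Request from an address outside the allowlist is the case the firewall rule on UDP 8805 is meant to prevent, so any `untrusted-peer` result indicates the filtering is not in effect.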
Affected Countries
United States, China, South Korea, Japan, Germany, France, United Kingdom, India, Brazil, Australia, Canada, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-28T08:25:27.283Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 695450bddb813ff03e2bf8b7
Added to database: 12/30/2025, 10:22:53 PM
Last enriched: 2/24/2026, 10:35:18 PM
Last updated: 3/25/2026, 4:43:17 PM