CVE-2025-15176: Reachable Assertion in Open5GS
A flaw has been found in Open5GS up to 2.7.5. It affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet in the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Manipulated input can lead to a reachable assertion. The attack can be launched remotely. The exploit has been published and may be used. The patch is identified as b72d8349980076e2c033c8324f07747a86eea4f8. Applying the patch is advised to resolve this issue.
AI Analysis
Technical Summary
CVE-2025-15176 is a vulnerability identified in Open5GS, an open-source 5G core network implementation widely used for 5G network infrastructure. The flaw resides in the PFCP (Packet Forwarding Control Protocol) Session Establishment Request Handler, specifically in the functions decode_ipv6_header and ogs_pfcp_pdr_rule_find_by_packet within the source file lib/pfcp/rule-match.c. The vulnerability manifests as a reachable assertion, which occurs when certain manipulated input packets cause the program to hit an assertion failure during PFCP session establishment. This can lead to a denial of service by crashing or destabilizing the affected process. The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its risk profile. The CVSS v4.0 score is 6.9 (medium severity), reflecting the network attack vector, low attack complexity, and no privileges or user interaction needed, but limited impact on confidentiality, integrity, and availability. The issue affects Open5GS versions 2.7.0 through 2.7.5. A patch has been released (commit b72d8349980076e2c033c8324f07747a86eea4f8) to address this flaw. While no active exploitation in the wild has been reported, a public exploit is available, which could facilitate attacks if not mitigated. Open5GS is often deployed in private and public 5G networks, making this vulnerability relevant for operators and enterprises relying on this software for core network functions.
Potential Impact
For European organizations, the impact of CVE-2025-15176 primarily involves potential denial of service conditions within 5G core network components using Open5GS. Disruption of PFCP session establishment can degrade network availability, affecting mobile broadband services, IoT connectivity, and critical communications. This could lead to service outages, impacting end-users and business operations dependent on 5G connectivity. Although the vulnerability does not directly compromise confidentiality or integrity, the availability impact on network infrastructure is significant, especially for telecom operators and enterprises deploying private 5G networks. Given the increasing reliance on 5G for digital transformation, industrial automation, and smart city applications in Europe, unpatched systems could face operational disruptions. Additionally, the public availability of an exploit increases the risk of opportunistic attacks targeting vulnerable deployments. Organizations may also face regulatory and reputational risks if service disruptions affect customers or critical services.
Mitigation Recommendations
European organizations should immediately identify all Open5GS deployments running versions 2.7.0 through 2.7.5 and apply the official patch corresponding to commit b72d8349980076e2c033c8324f07747a86eea4f8. Network operators should implement strict network segmentation and filtering to restrict PFCP traffic to trusted sources only, minimizing exposure to untrusted networks. Monitoring and logging of PFCP session establishment requests should be enhanced to detect anomalous or malformed packets indicative of exploitation attempts. Employing intrusion detection systems (IDS) with signatures for this vulnerability can provide early warning. Organizations should also review and harden their 5G core network configurations, ensuring minimal attack surface and adherence to security best practices. Regular vulnerability scanning and penetration testing of 5G infrastructure components are advised to detect similar issues proactively. Finally, maintain up-to-date threat intelligence feeds to stay informed about any emerging exploitation trends related to this vulnerability.
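The filtering and monitoring steps above can be sketched as a small triage function for datagrams arriving on the PFCP port (UDP 8805). This is an added example, not Open5GS code and not a signature for this flaw: it checks only the source address against an allowlist and the PFCP header for well-formedness. The subnet, function names and sample messages are assumptions constructed for illustration.

```python
import ipaddress
import struct

SESSION_ESTABLISHMENT_REQUEST = 50  # PFCP message type (3GPP TS 29.244)
# Assumption: the only peers allowed to send PFCP to this node (hypothetical subnet).
TRUSTED_PEERS = [ipaddress.ip_network("10.10.0.0/28")]

def parse_pfcp_header(payload: bytes):
    """Return (msg_type, seid, seq); raise ValueError if the header is malformed."""
    if len(payload) < 8:
        raise ValueError("truncated header")
    flags, msg_type, length = struct.unpack("!BBH", payload[:4])
    if flags >> 5 != 1:
        raise ValueError("unsupported PFCP version")
    if length != len(payload) - 4:  # Length excludes the first four octets
        raise ValueError("length field does not match datagram size")
    if flags & 0x01:  # S flag: an 8-octet SEID precedes the sequence number
        if length < 12:
            raise ValueError("too short for SEID header")
        seid = struct.unpack("!Q", payload[4:12])[0]
        return msg_type, seid, int.from_bytes(payload[12:15], "big")
    return msg_type, None, int.from_bytes(payload[4:7], "big")

def triage(src_ip: str, payload: bytes) -> str:
    """Classify one UDP/8805 datagram for logging or alerting."""
    trusted = any(ipaddress.ip_address(src_ip) in net for net in TRUSTED_PEERS)
    try:
        msg_type, _seid, _seq = parse_pfcp_header(payload)
    except ValueError:
        return "malformed"
    if trusted:
        return "ok"
    if msg_type == SESSION_ESTABLISHMENT_REQUEST:
        return "untrusted-establishment"
    return "untrusted"

def sample_message(msg_type: int, body: bytes = b"") -> bytes:
    """Constructed sample: version 1, S flag set, SEID 0, sequence number 1."""
    rest = struct.pack("!Q", 0) + (1).to_bytes(3, "big") + b"\x00" + body
    return struct.pack("!BBH", 0x21, msg_type, len(rest)) + rest

if __name__ == "__main__":
    for src, data in [("10.10.0.2", sample_message(50)),
                      ("198.51.100.7", sample_message(50)),
                      ("10.10.0.2", sample_message(50)[:-3])]:
        print(src, triage(src, data))
```

Any result other than "ok" is worth logging with the source address; a Session Establishment Request from outside the allowlist indicates the segmentation described above is not in effect.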
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-28T08:25:27.283Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 695450bddb813ff03e2bf8b7
Added to database: 12/30/2025, 10:22:53 PM
Last enriched: 12/30/2025, 11:48:58 PM
Last updated: 2/5/2026, 11:52:04 AM