CVE-2025-15417: Denial of Service in Open5GS
A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack must be carried out locally. The exploit is publicly available and might be used. The name of the patch is 465273d13ba5d47b274c38c9d1b07f04859178a1. A patch should be applied to remediate this issue.
AI Analysis
Technical Summary
CVE-2025-15417 is a vulnerability in Open5GS, open-source 5G core network software widely used to implement 5G core network functions. The vulnerability exists in the sgwc_s11_handle_create_session_request function in src/sgwc/s11-handler.c, which handles GTPv2-C (GPRS Tunneling Protocol version 2 - Control plane) F-TEID (Fully Qualified Tunnel Endpoint Identifier) processing during session creation requests. Manipulated input to this function can lead to a denial of service condition, causing the affected component to crash or become unresponsive. The attack vector requires local access with low privileges: an attacker must have some form of access to the system running Open5GS but needs neither elevated privileges nor user interaction to exploit the flaw. The vulnerability has a CVSS v4.0 score of 4.8 (medium), reflecting its moderate impact and limited attack vector. Exploit code has been made publicly available, which increases the risk of exploitation, although no active exploitation has been reported. The patch that remediates this issue is commit 465273d13ba5d47b274c38c9d1b07f04859178a1 and should be applied to all affected versions from 2.7.0 through 2.7.6. This vulnerability affects the availability of the 5G core network functions, potentially disrupting mobile network services dependent on Open5GS.
Potential Impact
The primary impact of CVE-2025-15417 is a denial of service condition affecting the availability of 5G core network components running Open5GS. For European telecom operators and infrastructure providers using Open5GS, exploitation could lead to service disruptions, impacting mobile broadband and critical communications services. This could degrade user experience, cause network outages, and potentially affect emergency communications relying on 5G networks. Although the attack requires local access, insider threats or compromised internal systems could leverage this vulnerability to disrupt network operations. Given the increasing adoption of open-source 5G core solutions in Europe, the vulnerability poses a risk to network reliability and operational continuity. The absence of known active exploitation reduces immediate risk, but the public availability of exploit code necessitates proactive patching to prevent future attacks. Disruptions in 5G services could also have cascading effects on IoT deployments, industrial automation, and other sectors dependent on 5G connectivity in Europe.
Mitigation Recommendations
European organizations using Open5GS should immediately apply the patch identified by commit 465273d13ba5d47b274c38c9d1b07f04859178a1 to all affected versions (2.7.0 through 2.7.6). Network administrators should verify that only trusted personnel have local access to Open5GS systems, implementing strict access controls and monitoring for unauthorized access attempts. Employ network segmentation to isolate Open5GS components from less trusted networks and users, reducing the risk of local exploitation. Regularly audit and monitor logs for anomalous activity related to session creation requests or GTPv2-C traffic. Consider deploying intrusion detection systems (IDS) capable of identifying abnormal GTPv2-C messages or malformed session requests. Maintain up-to-date backups and incident response plans to quickly recover from potential service disruptions. Finally, coordinate with telecom vendors and security teams to stay informed about further updates or advisories related to Open5GS vulnerabilities.
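The kind of structural check a GTPv2-C-aware monitor could run on Create Session Requests, as an added example that is not code from Open5GS or from this advisory. It follows the 3GPP TS 29.274 header and F-TEID layout; the function names and sample messages are constructed here, and because the advisory does not say which malformation triggers the crash, these are conformance checks, not a signature for this CVE.

```python
import struct

CREATE_SESSION_REQUEST = 32  # GTPv2-C message type, 3GPP TS 29.274
IE_F_TEID = 87               # F-TEID information element type

def check_fteid(value, instance):
    # F-TEID value: flags octet (V4, V6, interface type), 4-byte TEID, optional IPv4/IPv6.
    if len(value) < 5:
        return [f"F-TEID[{instance}]: too short for flags and TEID"]
    v4, v6 = value[0] & 0x80, value[0] & 0x40
    if not (v4 or v6):
        return [f"F-TEID[{instance}]: neither V4 nor V6 flag set"]
    if len(value) < 5 + (4 if v4 else 0) + (16 if v6 else 0):
        return [f"F-TEID[{instance}]: shorter than its address flags require"]
    return []

def check_create_session_request(pkt):
    """Return structural findings for one GTPv2-C datagram ([] = nothing to report)."""
    if len(pkt) < 8:
        return ["truncated GTPv2-C header"]
    flags, msg_type, length = struct.unpack_from("!BBH", pkt, 0)
    if flags >> 5 != 2 or msg_type != CREATE_SESSION_REQUEST:
        return []  # not a GTPv2-C Create Session Request; out of scope here
    end = length + 4  # the Length field excludes the first four header octets
    if end > len(pkt):
        return ["header length exceeds datagram size"]
    off = 12 if flags & 0x08 else 8  # T flag set: a TEID precedes the sequence number
    findings, seen_fteid = [], False
    while off < end:
        if off + 4 > end:
            return findings + ["truncated IE header"]
        ie_type, ie_len, inst = struct.unpack_from("!BHB", pkt, off)
        if off + 4 + ie_len > end:
            return findings + [f"IE type {ie_type} overruns the message"]
        if ie_type == IE_F_TEID:
            seen_fteid = True
            findings += check_fteid(pkt[off + 4:off + 4 + ie_len], inst & 0x0F)
        off += 4 + ie_len
    if not seen_fteid:
        findings.append("no F-TEID IE present")
    return findings

def sample(*ies):  # constructed Create Session Request, not captured traffic
    body = bytes(4) + b"\x00\x00\x01\x00" + b"".join(
        struct.pack("!BHB", t, len(v), 0) + v for t, v in ies)
    return struct.pack("!BBH", 0x48, CREATE_SESSION_REQUEST, len(body)) + body

GOOD = sample((IE_F_TEID, b"\x8a" + struct.pack("!I", 1) + bytes([192, 0, 2, 1])))
SHORT = sample((IE_F_TEID, b"\x8a" + struct.pack("!I", 1)))  # V4 flag, no address
NONE = sample((1, bytes(8)))  # a single non-F-TEID IE
```

An F-TEID longer than its flags require is not flagged, since TS 29.274 allows trailing octets for future extensions.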
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-01T10:50:23.624Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6956ffabdb813ff03e890340
Added to database: 1/1/2026, 11:13:47 PM
Last enriched: 1/9/2026, 10:57:37 AM
Last updated: 2/7/2026, 8:59:03 AM