CVE-2025-15417 is a vulnerability discovered in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw exists in the sgwc_s11_handle_create_session_request function located in the src/sgwc/s11-handler.c file, specifically within the GTPv2-C F-TEID Handler component. This function handles the creation of session requests in the S11 interface, which is critical for managing user sessions in the 5G core. The vulnerability arises from improper handling or validation of input data, allowing an attacker with local access and low privileges to manipulate the function's behavior, leading to a denial of service (DoS) condition. This DoS can disrupt the session management process, potentially causing service outages or degraded network performance. Exploitation does not require user interaction or elevated privileges beyond local access, making it a concern for insiders or compromised local systems. The vulnerability has a CVSS 4.8 score, reflecting medium severity due to the limited attack vector (local) and the impact confined to availability. A patch has been released (commit 465273d13ba5d47b274c38c9d1b07f04859178a1) to address the issue by correcting the handling logic in the affected function. No known exploits are currently active in the wild, but public exploit code availability increases the risk of future attacks. Open5GS versions from 2.7.0 through 2.7.6 are affected, so users of these versions should apply the patch promptly to mitigate the risk.

The primary impact of CVE-2025-15417 is a denial of service condition within the 5G core network infrastructure using Open5GS. This can lead to session management failures, causing dropped or failed user sessions, degraded network performance, and potential service outages. For mobile network operators and enterprises relying on Open5GS for 5G core functions, this can translate into customer dissatisfaction, revenue loss, and reputational damage. Since the attack requires local access, the threat is more significant in environments where internal systems or administrators could be compromised or malicious. The disruption of session creation may also affect downstream services dependent on stable 5G connectivity, impacting IoT deployments, critical communications, and enterprise applications. Although the vulnerability does not allow remote exploitation or privilege escalation, the availability impact on core network functions makes it a significant operational risk.

To mitigate CVE-2025-15417, organizations should immediately apply the official patch identified by commit 465273d13ba5d47b274c38c9d1b07f04859178a1 to all affected Open5GS instances running versions 2.7.0 through 2.7.6. Beyond patching, organizations should enforce strict access controls and monitoring on systems hosting Open5GS to prevent unauthorized local access. Implementing host-based intrusion detection systems (HIDS) and continuous monitoring can help detect suspicious activities indicative of exploitation attempts. Network segmentation should be used to isolate critical 5G core components from less trusted internal networks. Regular audits of user privileges and system logs can help identify potential insider threats. Additionally, organizations should maintain up-to-date backups and have incident response plans tailored for 5G core network disruptions. Testing patches in a staging environment before production deployment is recommended to avoid unintended service interruptions.