CVE-2025-15418: Denial of Service in Open5GS
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. Performing manipulation results in denial of service. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is named 4e913d21f2c032b187815f063dbab5ebe65fe83a. To fix this issue, it is recommended to deploy a patch.
AI Analysis
Technical Summary
CVE-2025-15418 is a vulnerability in Open5GS, an open-source implementation of the 5G core network, specifically affecting versions 2.7.0 through 2.7.6. The issue resides in the function ogs_gtp2_parse_bearer_qos located in lib/gtp/v2/types.c, which handles the Bearer QoS Information Element (IE) length parsing. Improper handling of manipulated Bearer QoS IE length values can lead to a denial of service condition, likely by causing a crash or resource exhaustion in the affected component. The attack vector requires local access with low privileges, meaning an attacker must have some level of access to the system running Open5GS but does not need elevated privileges or user interaction to trigger the vulnerability. The CVSS 4.0 base score is 4.8, reflecting medium severity due to the limited attack vector and impact scope. The vulnerability has been publicly disclosed with exploit code available, increasing the risk of exploitation. The patch addressing this issue is identified by the commit hash 4e913d21f2c032b187815f063dbab5ebe65fe83a and should be applied to mitigate the risk. Open5GS is widely used by telecom operators and private 5G network deployments, making this vulnerability relevant to critical communication infrastructure.
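The kind of length validation a Bearer QoS IE parser needs, as an added example: this is not Open5GS code and not the referenced patch. The IE layout (type 80, 22-octet value) follows 3GPP TS 29.274; the function name, error codes and sample bytes are hypothetical and constructed for illustration, and accepting values longer than 22 octets while ignoring the tail is this example's policy choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IE_BEARER_QOS   80  /* GTPv2 IE type (3GPP TS 29.274) */
#define BEARER_QOS_LEN  22  /* flags + QCI + four 5-octet bit rates */

typedef struct {
    uint8_t pci, priority_level, pvi, qci;
    uint64_t mbr_ul, mbr_dl, gbr_ul, gbr_dl;   /* kbps */
} bearer_qos_t;

enum { QOS_OK = 0, QOS_E_HEADER = -1, QOS_E_TYPE = -2,
       QOS_E_OVERRUN = -3, QOS_E_SHORT = -4 };

/* Read one 5-octet big-endian bit-rate field. */
static uint64_t rd40(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 0; i < 5; i++) v = (v << 8) | p[i];
    return v;
}

/* Parse one IE (type, 2-octet length, instance, value) from buf[0..buflen). */
int parse_bearer_qos_ie(bearer_qos_t *out, const uint8_t *buf, size_t buflen) {
    if (!out || !buf || buflen < 4) return QOS_E_HEADER;
    if (buf[0] != IE_BEARER_QOS) return QOS_E_TYPE;
    size_t declared = ((size_t)buf[1] << 8) | buf[2];
    if (declared > buflen - 4) return QOS_E_OVERRUN;   /* length runs past the buffer */
    if (declared < BEARER_QOS_LEN) return QOS_E_SHORT; /* too small for fixed fields */
    const uint8_t *v = buf + 4;
    out->pci = (v[0] >> 6) & 1;
    out->priority_level = (v[0] >> 2) & 0x0f;
    out->pvi = v[0] & 1;
    out->qci = v[1];
    out->mbr_ul = rd40(v + 2);  out->mbr_dl = rd40(v + 7);
    out->gbr_ul = rd40(v + 12); out->gbr_dl = rd40(v + 17);
    return QOS_OK;
}

/* Constructed sample inputs (not captured traffic). */
static const uint8_t sample_ok[26] = { 0x50, 0x00, 0x16, 0x00, 0x64, 0x09,
    0,0,0,0x03,0xE8,  0,0,0,0x07,0xD0,  0,0,0,0,0,  0,0,0,0,0 };
static const uint8_t sample_short[8] = { 0x50, 0x00, 0x04, 0x00, 0x64, 0x09, 0, 0 };

int main(void) {
    bearer_qos_t q;
    printf("ok=%d short=%d\n", parse_bearer_qos_ie(&q, sample_ok, sizeof sample_ok),
           parse_bearer_qos_ie(&q, sample_short, sizeof sample_short));
    return 0;
}
```

Both the declared length and the bytes actually available are checked before any field is read, so a mismatched length produces an error code rather than an out-of-bounds access.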
Potential Impact
For European organizations, particularly telecom operators, mobile network providers, and enterprises deploying private 5G networks using Open5GS, this vulnerability poses a risk of denial of service, potentially disrupting 5G core network functions. Such disruption can affect service availability, impacting end-user connectivity and critical communications. Given the local access requirement, the threat is more significant in environments where internal network segmentation or access controls are weak, allowing attackers or malicious insiders to reach vulnerable components. The public availability of exploit code increases the likelihood of opportunistic attacks. Disruption of 5G core network services can have cascading effects on dependent services such as IoT, emergency communications, and enterprise applications, potentially causing operational and reputational damage. The medium severity rating reflects the limited scope but non-negligible impact on availability in critical telecom infrastructure.
Mitigation Recommendations
European organizations should immediately assess their Open5GS deployments to determine if affected versions (2.7.0 to 2.7.6) are in use. Applying the official patch identified by commit 4e913d21f2c032b187815f063dbab5ebe65fe83a is the primary mitigation step. Network segmentation and strict access controls should be enforced to limit local access to systems running Open5GS, reducing the attack surface. Monitoring and logging of local access attempts and unusual behavior in the Bearer QoS handling components can help detect exploitation attempts. Organizations should also consider deploying intrusion detection systems tailored to detect malformed GTPv2 messages indicative of exploitation attempts. Regular vulnerability scanning and patch management processes must be enhanced to quickly identify and remediate such vulnerabilities. Finally, conducting security awareness and insider threat training can reduce the risk posed by malicious insiders who might exploit local access.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-01T10:57:04.431Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 695706b3db813ff03e8adb84
Added to database: 1/1/2026, 11:43:47 PM
Last enriched: 1/9/2026, 10:58:43 AM
Last updated: 2/7/2026, 8:50:27 AM