CVE-2025-15418: Denial of Service in Open5GS
A security flaw has been discovered in Open5GS up to 2.7.6. The vulnerability affects the function ogs_gtp2_parse_bearer_qos in lib/gtp/v2/types.c, part of the Bearer QoS IE Length Handler component. Manipulated input results in denial of service. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is named 4e913d21f2c032b187815f063dbab5ebe65fe83a. To fix this issue, it is recommended to deploy a patch.
AI Analysis
Technical Summary
CVE-2025-15418 is a vulnerability identified in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw resides in the ogs_gtp2_parse_bearer_qos function within the Bearer QoS IE Length Handler (lib/gtp/v2/types.c). This function improperly handles the length field of the Bearer QoS Information Element (IE) in GTPv2 messages, allowing an attacker with local access to craft manipulated packets that trigger a denial of service (DoS) condition. The vulnerability arises from insufficient validation of the IE length, leading to potential memory corruption or application crashes. Exploitation requires local privileges, meaning the attacker must have some level of access to the affected system or network segment. No user interaction or elevated authentication is required beyond local access. The vulnerability has a CVSS v4.0 base score of 4.8, reflecting a medium severity level primarily due to the local attack vector and limited scope. The impact is a denial of service, which can disrupt the availability of the Open5GS core network functions, potentially affecting mobile network services relying on this infrastructure. A patch identified by commit 4e913d21f2c032b187815f063dbab5ebe65fe83a has been released to correct the improper length handling and prevent exploitation. Although no known exploits are currently active in the wild, the public release of exploit code increases the risk of opportunistic attacks. Open5GS deployments should apply the patch promptly to mitigate this vulnerability.
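The length validation this class of flaw calls for, as an added example: this is not Open5GS code and not the referenced patch. The IE type (80) and the 22-octet value layout are taken from 3GPP TS 29.274; every identifier below is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Values from 3GPP TS 29.274: IE type 80, 22-octet value (flags, QCI,
 * then four 40-bit rates). All identifiers below are hypothetical. */
#define IE_TYPE_BEARER_QOS 80
#define IE_HDR_LEN 4
#define BEARER_QOS_LEN 22

enum { QOS_OK = 0, QOS_TRUNCATED = -1, QOS_WRONG_TYPE = -2, QOS_BAD_LEN = -3 };

typedef struct {
    uint8_t pci, pl, pvi, qci;
    uint64_t mbr_ul, mbr_dl, gbr_ul, gbr_dl;
} bearer_qos_t;

static uint64_t rd40(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 5; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Parse one TLIV-encoded IE from buf[0..avail). Every length is checked
 * before the bytes it covers are read; errors are returned, not asserted. */
int parse_bearer_qos_ie(bearer_qos_t *out, const uint8_t *buf, size_t avail)
{
    if (out == NULL || buf == NULL || avail < IE_HDR_LEN)
        return QOS_TRUNCATED;
    if (buf[0] != IE_TYPE_BEARER_QOS)
        return QOS_WRONG_TYPE;

    size_t declared = ((size_t)buf[1] << 8) | buf[2];
    if (declared > avail - IE_HDR_LEN)   /* length field exceeds the data */
        return QOS_TRUNCATED;
    if (declared < BEARER_QOS_LEN)       /* too short to hold all fields */
        return QOS_BAD_LEN;

    const uint8_t *v = buf + IE_HDR_LEN;
    out->pci = (v[0] >> 6) & 0x1;
    out->pl  = (v[0] >> 2) & 0xf;
    out->pvi = v[0] & 0x1;
    out->qci = v[1];
    out->mbr_ul = rd40(v + 2);
    out->mbr_dl = rd40(v + 7);
    out->gbr_ul = rd40(v + 12);
    out->gbr_dl = rd40(v + 17);
    return QOS_OK;
}
```

The distinct return codes let a caller log which check failed, which is the signal the monitoring advice for anomalous Bearer QoS IE lengths depends on.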
Potential Impact
The primary impact of CVE-2025-15418 is denial of service against Open5GS core network components, which can lead to disruption of 5G mobile network services. This can affect network availability, causing dropped connections, service interruptions, or degraded performance for end users. Organizations relying on Open5GS for their 5G core infrastructure, including mobile network operators and private 5G deployments, may experience operational outages or degraded service quality. While the vulnerability does not directly compromise confidentiality or integrity, the availability impact can have cascading effects on business operations, emergency communications, and critical infrastructure relying on 5G connectivity. The requirement for local access limits the attack surface but does not eliminate risk, especially in environments where internal network segmentation or access controls are weak. The public availability of exploit code increases the likelihood of exploitation attempts, particularly from insiders or attackers who have gained a local foothold. Overall, the threat poses a moderate risk to organizations deploying Open5GS, particularly those with high availability requirements.
Mitigation Recommendations
To mitigate CVE-2025-15418, organizations should immediately apply the official patch identified by commit 4e913d21f2c032b187815f063dbab5ebe65fe83a to all affected Open5GS versions (2.7.0 through 2.7.6). Beyond patching, it is critical to enforce strict network segmentation and access controls to limit local access to Open5GS components, reducing the risk of local exploitation. Monitoring and logging of GTPv2 traffic should be enhanced to detect anomalous Bearer QoS IE length values or malformed packets indicative of exploitation attempts. Implementing intrusion detection systems (IDS) with signatures targeting this vulnerability can provide early warning. Regular security audits and penetration testing should verify that local access controls are effective and that no unauthorized users can reach vulnerable components. Additionally, organizations should maintain an incident response plan to quickly address any denial of service incidents affecting 5G core infrastructure. Finally, staying informed about updates from Open5GS and the broader security community will ensure timely response to any emerging threats related to this vulnerability.
Affected Countries
United States, South Korea, Japan, Germany, France, United Kingdom, China, India, Australia, Canada, Brazil, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-01T10:57:04.431Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 695706b3db813ff03e8adb84
Added to database: 1/1/2026, 11:43:47 PM
Last enriched: 2/23/2026, 10:59:15 PM
Last updated: 3/26/2026, 4:46:04 AM