CVE-2025-15419 is a vulnerability identified in Open5GS, an open-source 5G core network implementation widely used by telecom operators and research institutions. The flaw exists in the sgwc_s5c_handle_create_session_response function within the GTPv2-C Flow Handler module (src/sgwc/s5c-handler.c). This function processes Create Session Response messages in the GTPv2-C protocol, which is critical for session management in 5G networks. Improper handling or manipulation of this function can lead to a denial of service (DoS) condition, causing the affected component to crash or become unresponsive. The attack requires local access with limited privileges, meaning an attacker must have some level of access to the system running Open5GS, but no elevated privileges or user interaction are necessary. The vulnerability affects Open5GS versions 2.7.0 through 2.7.6. A patch has been released (commit 5aaa09907e7b9e0a326265a5f08d56f54280b5f2) that corrects the issue by improving input validation and error handling in the affected function. Although an exploit is publicly available, there are no confirmed reports of active exploitation in the wild. The CVSS v4.0 score of 4.8 reflects a medium severity rating, primarily due to the local attack vector and limited impact scope. The vulnerability could disrupt 5G session management, impacting service availability for subscribers relying on affected infrastructure.

The primary impact of CVE-2025-15419 is denial of service against the Open5GS 5G core network component responsible for session management. This can lead to service outages or degraded network performance, affecting mobile subscribers' connectivity and session continuity. Telecom operators and service providers relying on Open5GS for their 5G core infrastructure may experience partial or full disruption of user sessions, potentially causing customer dissatisfaction and revenue loss. The local attack requirement limits remote exploitation risks but raises concerns about insider threats or compromised local systems. Additionally, disruption in session management could cascade to other network functions dependent on stable GTPv2-C flows, amplifying operational impact. While the vulnerability does not directly expose sensitive data or allow privilege escalation, the availability impact on critical telecom infrastructure is significant. Organizations with large-scale Open5GS deployments or those in research and testing environments should prioritize remediation to maintain network reliability.

To mitigate CVE-2025-15419, organizations should immediately apply the official patch identified by commit 5aaa09907e7b9e0a326265a5f08d56f54280b5f2 to all affected Open5GS instances. Beyond patching, restrict local access to systems running Open5GS to trusted administrators only, employing strict access controls and monitoring for unauthorized access attempts. Implement host-based intrusion detection systems (HIDS) to detect anomalous behavior or crashes related to the sgwc_s5c_handle_create_session_response function. Regularly audit and harden the operating environment to reduce the risk of local compromise. Network segmentation can help isolate critical 5G core components from less trusted networks or users. Additionally, maintain up-to-date backups and incident response plans to quickly recover from potential denial of service events. Continuous monitoring of Open5GS logs and metrics for unusual session handling errors can provide early warning signs of exploitation attempts. Finally, consider deploying runtime application self-protection (RASP) or similar technologies to detect and prevent exploitation of known vulnerabilities in real time.