CVE-2025-15419 is a vulnerability identified in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw resides in the sgwc_s5c_handle_create_session_response function within the GTPv2-C flow handler component, which processes Create Session Response messages in the Serving Gateway Control plane (SGW-C). Improper handling of these messages due to a weakness in the code can be manipulated by an attacker with local access and low privileges to trigger a denial of service (DoS) condition, likely by causing a crash or resource exhaustion in the affected component. The vulnerability affects all Open5GS versions from 2.7.0 through 2.7.6. Exploitation does not require user interaction or network access but does require local access with some privileges, making insider threats or compromised local accounts the primary risk vectors. The vulnerability has a CVSS 4.8 (medium) score, reflecting the limited attack vector but moderate impact on availability. The exploit code has been publicly disclosed, increasing the urgency for patching. The vendor has released a patch identified by commit 5aaa09907e7b9e0a326265a5f08d56f54280b5f2 to remediate the issue. Given Open5GS’s role in 5G core networks, successful exploitation could disrupt mobile session management, impacting service availability for end users and potentially causing broader network instability.

For European organizations, particularly telecom operators and mobile network infrastructure providers deploying Open5GS, this vulnerability poses a risk of service disruption through denial of service attacks. The SGW-C component is critical for managing user sessions and mobility in 5G networks; disruption here can lead to dropped calls, interrupted data sessions, and degraded network performance. This can affect both consumer and enterprise customers relying on mobile connectivity. The local access requirement limits remote exploitation but insider threats, compromised management systems, or attackers who gain local foothold could leverage this vulnerability. Given the increasing adoption of Open5GS in private and public 5G deployments across Europe, the impact could extend to critical infrastructure sectors relying on 5G connectivity, including manufacturing, transportation, and emergency services. The public availability of exploit code raises the likelihood of opportunistic attacks, increasing operational risk and potential reputational damage for affected providers.

European organizations should immediately apply the official patch released for Open5GS that addresses CVE-2025-15419 (commit 5aaa09907e7b9e0a326265a5f08d56f54280b5f2). Beyond patching, organizations should implement strict access controls to limit local access to the SGW-C host systems, including enforcing least privilege principles and multi-factor authentication for administrative accounts. Network segmentation should be used to isolate core network components from less trusted environments. Continuous monitoring and auditing of local access logs can help detect unauthorized attempts to exploit this vulnerability. Employing host-based intrusion detection systems (HIDS) can provide alerts on suspicious activity related to the vulnerable function. Additionally, organizations should conduct regular security assessments and penetration tests focused on local privilege escalation and insider threat scenarios. Maintaining up-to-date backups and incident response plans will help mitigate the impact of any successful denial of service attacks.