CVE-2025-15419: Denial of Service in Open5GS
A weakness has been identified in Open5GS up to 2.7.6. It affects the function sgwc_s5c_handle_create_session_response in the file src/sgwc/s5c-handler.c of the GTPv2-C Flow Handler component. Manipulation can lead to denial of service. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The patch is identified as 5aaa09907e7b9e0a326265a5f08d56f54280b5f2. Applying the patch is advised to correct this issue.
AI Analysis
Technical Summary
CVE-2025-15419 identifies a denial of service (DoS) vulnerability in Open5GS, open-source 5G core network software widely used for implementing 5G core network functions. The vulnerability resides in the sgwc_s5c_handle_create_session_response function within the GTPv2-C Flow Handler component, specifically in the file src/sgwc/s5c-handler.c. This function handles the Create Session Response message on the S5-C interface, which is critical for session management between the Serving Gateway Control Plane (SGWC) and the Packet Gateway Control Plane (PGWC).
The flaw allows a local attacker with limited privileges to manipulate the function’s processing logic, causing the software to crash or become unresponsive, resulting in a denial of service. The attack requires local access to the system running Open5GS, meaning remote exploitation is not feasible without prior access. No user interaction or elevated privileges beyond low-level local access are needed, and the vulnerability does not affect confidentiality or integrity but impacts availability. The CVSS v4.0 score is 4.8 (medium), reflecting the limited attack vector (local) but significant impact on service availability.
The vulnerability affects Open5GS versions 2.7.0 through 2.7.6. A patch identified by commit 5aaa09907e7b9e0a326265a5f08d56f54280b5f2 has been released to remediate the issue. While no known exploits have been observed in the wild, the exploit code is publicly available, increasing the risk of exploitation by insiders or attackers with local access. Given Open5GS’s role in 5G core networks, successful exploitation could disrupt mobile network services, impacting subscribers and network operators.
Potential Impact
For European organizations deploying Open5GS as part of their 5G core network infrastructure, this vulnerability poses a risk of service disruption through denial of service attacks. The affected component is critical for session management in the 5G core, so exploitation could lead to dropped sessions, degraded network performance, or complete unavailability of core network functions. This can impact mobile network operators, enterprises running private 5G networks, and service providers relying on Open5GS for connectivity. The disruption could affect end users’ mobile services, including voice, data, and IoT communications. Since the attack requires local access, the threat is higher in environments where internal network segmentation or host security is weak, or where insider threats exist. The availability impact could lead to financial losses, reputational damage, and regulatory scrutiny under EU telecom and data protection regulations. Additionally, the public availability of exploit code increases the urgency for mitigation. Organizations with critical infrastructure or those providing essential communications services are particularly vulnerable to operational disruptions caused by this flaw.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should promptly apply the official patch released for Open5GS that addresses CVE-2025-15419. In addition to patching, organizations should enforce strict access controls to limit local access to systems running Open5GS, including hardened host configurations and role-based access controls. Network segmentation should be implemented to isolate core network components from less trusted internal networks and users. Continuous monitoring and logging of Open5GS processes and system behavior can help detect anomalous activity indicative of exploitation attempts. Employing host-based intrusion detection systems (HIDS) and endpoint protection solutions can further reduce risk. Regular security audits and vulnerability assessments of 5G core infrastructure should be conducted to identify and remediate weaknesses. Finally, organizations should develop and test incident response plans specific to 5G core network disruptions to minimize downtime in case of exploitation.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-01T10:57:11.786Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 695714c3db813ff03e909831
Added to database: 1/2/2026, 12:43:47 AM
Last enriched: 1/9/2026, 11:06:18 AM
Last updated: 2/6/2026, 6:46:59 PM