CVE-2025-15528 is a vulnerability affecting Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw resides in the GTPv2 Bearer Response Handler, a critical component responsible for managing bearer context responses in the GPRS Tunneling Protocol version 2 (GTPv2), which is essential for session management in 5G networks. The vulnerability allows an unauthenticated remote attacker to send specially crafted GTPv2 messages that manipulate the Bearer Response Handler, causing the Open5GS service to crash or become unresponsive, resulting in a denial of service condition. This disrupts the availability of 5G core network functions, potentially impacting subscriber connectivity and network reliability. The vulnerability affects all Open5GS versions from 2.7.0 through 2.7.6. The CVSS v4.0 base score is 6.9 (medium severity), reflecting the network attack vector, no required privileges or user interaction, and a direct impact on availability. The vulnerability has been publicly disclosed, and a patch is available identified by the commit hash 98f76e98df35cd6a35e868aa62715db7f8141ac1. No known exploits have been observed in the wild yet, but the public disclosure increases the risk of exploitation attempts. Open5GS is used by telecom operators and enterprises deploying private 5G networks, making this vulnerability relevant to critical communication infrastructure.

For European organizations, the impact of CVE-2025-15528 can be significant, especially for telecom operators and enterprises relying on Open5GS for 5G core network functions. A successful denial of service attack could lead to temporary loss of connectivity for subscribers, disruption of critical communication services, and degradation of network performance. This could affect emergency services, industrial automation, and other sectors dependent on reliable 5G connectivity. The disruption may also cause reputational damage and financial losses due to service outages. Since the vulnerability is remotely exploitable without authentication, attackers can launch DoS attacks from outside the network perimeter, increasing the threat surface. Although no data confidentiality or integrity impact is indicated, the availability impact alone can have cascading effects on dependent services and applications. European telecom regulators may also impose compliance and reporting obligations in case of service disruptions caused by this vulnerability.

To mitigate CVE-2025-15528, organizations should promptly apply the official patch released by the Open5GS project, identified by commit 98f76e98df35cd6a35e868aa62715db7f8141ac1. Network operators should verify that their Open5GS deployments are upgraded beyond version 2.7.6 or have the patch backported. Additionally, monitoring GTPv2 traffic for unusual or malformed bearer response messages can help detect exploitation attempts early. Implementing rate limiting and anomaly detection on GTPv2 interfaces can reduce the risk of DoS attacks. Network segmentation and firewall rules restricting GTPv2 traffic to trusted sources can further limit exposure. Operators should also maintain robust incident response plans to quickly restore services in case of an attack. Regular vulnerability scanning and penetration testing of 5G core components are recommended to identify and remediate similar issues proactively.