CVE-2025-15528 is a vulnerability in the Open5GS project, an open-source implementation of 5G core network functions widely used for mobile network infrastructure. The flaw resides in the GTPv2 Bearer Response Handler component, which processes GPRS Tunneling Protocol version 2 messages related to bearer management. Specifically, crafted GTPv2 Bearer Response messages can trigger a denial of service condition, causing the affected Open5GS node to crash or become unresponsive. The vulnerability affects all Open5GS versions from 2.7.0 through 2.7.6. Exploitation requires no authentication, privileges, or user interaction, and can be performed remotely by sending maliciously crafted packets to the vulnerable service. The CVSS v4.0 base score is 6.9, indicating a medium severity level primarily due to the impact on availability and ease of exploitation. The vulnerability does not affect confidentiality or integrity. The patch identified by commit 98f76e98df35cd6a35e868aa62715db7f8141ac1 addresses the issue by correcting the handling logic in the GTPv2 Bearer Response Handler to prevent the denial of service condition. Although no known exploits are currently observed in the wild, the public disclosure of the vulnerability increases the risk of exploitation attempts. Open5GS is used by telecom operators, research institutions, and enterprises deploying private 5G networks, making this vulnerability relevant to critical communication infrastructure. Attackers exploiting this flaw could disrupt mobile network services, impacting voice, data, and signaling availability.

For European organizations, the primary impact of CVE-2025-15528 is the potential disruption of 5G core network services relying on Open5GS. This denial of service could lead to temporary unavailability of mobile connectivity, affecting enterprise communications, IoT deployments, and public safety networks that depend on stable 5G infrastructure. Telecom operators using Open5GS in their core network could experience service outages, customer dissatisfaction, and financial losses. Enterprises deploying private 5G networks for industrial automation, logistics, or smart city applications may face operational disruptions. The impact on confidentiality and integrity is minimal, but availability degradation in critical communication infrastructure can have cascading effects on dependent services. Given the remote and unauthenticated nature of the exploit, attackers can launch denial of service attacks from outside the network perimeter, increasing the threat surface. The medium severity rating reflects the balance between the ease of exploitation and the limited scope of impact to availability only. However, in sectors where continuous connectivity is essential, even temporary outages can have significant consequences.

To mitigate CVE-2025-15528, European organizations should prioritize applying the official patch identified by commit 98f76e98df35cd6a35e868aa62715db7f8141ac1 to all Open5GS deployments running affected versions (2.7.0 through 2.7.6). Network operators should implement strict filtering and validation of GTPv2 traffic at network boundaries to detect and block malformed or suspicious bearer response messages. Deploying intrusion detection/prevention systems (IDS/IPS) with signatures tuned for GTP anomalies can help identify exploitation attempts. Network segmentation should isolate Open5GS core components from untrusted networks to reduce exposure. Regular monitoring and logging of GTPv2 traffic patterns can provide early warning of attack attempts. Organizations should also conduct security audits and penetration testing focused on telecom core components to identify other potential weaknesses. Maintaining up-to-date backups and incident response plans will help minimize downtime in case of successful denial of service attacks. Collaboration with telecom vendors and security communities to share threat intelligence related to Open5GS vulnerabilities is recommended. Finally, consider deploying redundant Open5GS instances or failover mechanisms to maintain service continuity during attacks.