CVE-2025-15529 is a denial of service (DoS) vulnerability identified in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw exists in the sgwc_s5c_handle_create_session_response function within the s5c-handler.c source file. This function handles the Create Session Response message in the S5-C interface, which is critical for session management between the Serving Gateway Control plane (SGWC) and the Packet Data Network Gateway Control plane (PGWC). An attacker can manipulate the processing of this message remotely, causing the Open5GS service to crash or become unresponsive, resulting in denial of service. The vulnerability requires no authentication, user interaction, or privileges, and can be exploited over the network, making it relatively easy to trigger. The CVSS v4.0 base score is 6.9, reflecting medium severity due to the impact on availability and ease of exploitation. The vulnerability affects Open5GS versions 2.7.0 through 2.7.6. Although no active exploitation in the wild has been reported, a public exploit is available, increasing the risk of future attacks. The recommended mitigation is to apply the patch identified by commit b19cf6a2dbf5d30811be4488bf059c865bd7d1d2, which addresses the vulnerability by correcting the handling logic in the affected function.

For European organizations, particularly telecom operators and mobile network providers deploying Open5GS as part of their 5G core infrastructure, this vulnerability poses a significant risk to network availability. A successful DoS attack could disrupt mobile data sessions, degrade service quality, or cause partial or complete outages of 5G services. This disruption can affect millions of subscribers, impacting critical communications, emergency services, and enterprise connectivity. The availability impact also extends to dependent services such as IoT networks and private 5G deployments used in manufacturing, logistics, and smart city applications. Although the vulnerability does not directly compromise confidentiality or data integrity, the service disruption can lead to operational and reputational damage, regulatory scrutiny, and financial losses. The medium severity rating reflects the balance between the ease of exploitation and the limited scope of impact to availability only.

European organizations should immediately verify if their Open5GS deployments are running affected versions (2.7.0 to 2.7.6). They must apply the official patch (commit b19cf6a2dbf5d30811be4488bf059c865bd7d1d2) without delay to remediate the vulnerability. Network operators should also implement network-level protections such as filtering and rate limiting on the S5-C interface to reduce exposure to malformed or malicious Create Session Response messages. Monitoring and anomaly detection systems should be tuned to identify unusual session creation responses or service disruptions indicative of exploitation attempts. Additionally, operators should conduct thorough testing of patched systems in staging environments before production deployment to ensure stability. Maintaining up-to-date backups and incident response plans specific to 5G core network components will help mitigate operational impacts in case of an attack. Collaboration with vendors and participation in threat intelligence sharing communities focused on telecom infrastructure can provide early warnings of exploitation attempts.