CVE-2025-15529 is a vulnerability identified in Open5GS, an open-source 5G core network implementation widely used by telecom operators and enterprises for 5G network functions. The issue resides in the sgwc_s5c_handle_create_session_response function within the s5c-handler.c source file. This function is responsible for processing create session responses in the Serving Gateway Control (SGWC) component of the 5G core. An attacker can craft and send manipulated messages that trigger improper handling within this function, leading to a denial of service (DoS) condition. The DoS results from the system becoming unresponsive or crashing, thereby disrupting 5G network services. The vulnerability is remotely exploitable without requiring any authentication or user interaction, increasing its risk profile. The CVSS 4.0 base score is 6.9, reflecting a medium severity level due to the impact on availability and ease of exploitation. The flaw affects Open5GS versions 2.7.0 through 2.7.6. Although no active exploits have been observed in the wild, a public proof-of-concept exploit has been published, which could facilitate attacks by malicious actors. The Open5GS project has released a patch identified by commit b19cf6a2dbf5d30811be4488bf059c865bd7d1d2 to address this issue. Organizations using Open5GS are strongly advised to apply this patch to prevent potential service outages.

The primary impact of CVE-2025-15529 is the disruption of 5G core network services due to denial of service conditions. For European organizations, especially telecom operators and enterprises deploying private 5G networks using Open5GS, this vulnerability could lead to significant service outages affecting mobile broadband, IoT connectivity, and critical communications infrastructure. Such disruptions can degrade customer experience, cause financial losses, and impact dependent services such as emergency communications and industrial automation. Given the remote and unauthenticated nature of the exploit, attackers could launch DoS attacks from outside the network perimeter, increasing the threat surface. The availability impact is critical in 5G environments where continuous connectivity is essential. Additionally, service interruptions may have regulatory and reputational consequences for affected operators. The medium severity rating indicates that while the vulnerability does not compromise confidentiality or integrity, the availability impact alone can have substantial operational consequences.

To mitigate CVE-2025-15529, European organizations should immediately apply the official patch released by the Open5GS project (commit b19cf6a2dbf5d30811be4488bf059c865bd7d1d2) to all affected Open5GS deployments running versions 2.7.0 through 2.7.6. Network operators should conduct thorough testing in staging environments before production deployment to ensure stability. Additionally, implementing network-level protections such as filtering and rate limiting on interfaces exposed to untrusted networks can reduce the risk of exploitation. Monitoring network traffic for anomalous create session response messages and unusual SGWC behavior can provide early detection of exploitation attempts. Operators should also maintain up-to-date inventories of Open5GS versions in use and ensure timely patch management processes. Segmentation of 5G core network components and restricting access to management interfaces can further limit attack vectors. Finally, engaging with the Open5GS community and subscribing to security advisories will help maintain awareness of emerging threats and patches.