CVE-2025-15529 is a denial of service vulnerability identified in Open5GS, an open-source 5G core network software suite used for implementing 5G core network functions. The vulnerability resides in the function sgwc_s5c_handle_create_session_response located in the src/sgwc/s5c-handler.c file. This function handles the creation of session responses in the Serving Gateway Control (SGWC) component of the 5G core. An attacker can craft and send specially manipulated messages that trigger a failure condition in this function, causing the Open5GS service to crash or become unresponsive, resulting in denial of service. The vulnerability can be exploited remotely without requiring any authentication or user interaction, making it particularly dangerous in exposed network environments. The issue affects Open5GS versions from 2.7.0 up to and including 2.7.6. The patch identified by commit b19cf6a2dbf5d30811be4488bf059c865bd7d1d2 addresses this flaw by correcting the handling logic in the affected function. Although no active exploitation has been reported in the wild, the public availability of an exploit increases the likelihood of attacks. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and low impact on availability (VA:L), resulting in a base score of 6.9 (medium severity). This vulnerability poses a risk to the availability of 5G core network services relying on Open5GS, potentially disrupting telecom operations and dependent services.

The primary impact of CVE-2025-15529 is the disruption of 5G core network services through denial of service. Organizations deploying Open5GS as part of their 5G infrastructure may experience service outages or degraded network performance, affecting subscriber connectivity and critical communications. This can lead to operational downtime, customer dissatisfaction, and potential financial losses for telecom operators. Given the remote exploitability without authentication, attackers can target exposed Open5GS instances from anywhere on the internet, increasing the attack surface. The disruption of 5G core functions can also impact dependent services such as IoT communications, emergency services, and enterprise networks relying on 5G connectivity. While the vulnerability does not directly compromise confidentiality or integrity, the availability impact is significant in telecommunications contexts where uptime is critical. The public availability of an exploit increases the risk of opportunistic attacks, especially against unpatched systems. Organizations worldwide using Open5GS in production or testing environments are at risk until patched.

To mitigate CVE-2025-15529, organizations should immediately apply the official patch identified by commit b19cf6a2dbf5d30811be4488bf059c865bd7d1d2 to all affected Open5GS instances running versions 2.7.0 through 2.7.6. Network administrators should verify the Open5GS version in use and upgrade to a patched release or rebuild from source including the fix. Additionally, it is recommended to restrict network exposure of Open5GS control plane interfaces by implementing strict firewall rules and network segmentation to limit access only to trusted management and core network components. Monitoring network traffic for anomalous or malformed session creation responses can help detect exploitation attempts. Employing intrusion detection/prevention systems (IDS/IPS) with updated signatures targeting this vulnerability can provide additional defense. Regularly auditing and updating 5G core network software and dependencies reduces the risk of similar vulnerabilities. Finally, organizations should maintain incident response plans to quickly address any service disruptions caused by exploitation attempts.