CVE-2025-15530 is a vulnerability identified in Open5GS, an open-source 5G core network implementation widely used by telecom operators and research institutions. The flaw exists in the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request within the s11-handler.c source file. This function handles requests related to creating indirect data forwarding tunnels on the S11 interface, which is critical for user plane data forwarding in 5G networks. The vulnerability manifests as a reachable assertion failure triggered by crafted input, which can be exploited remotely without authentication or user interaction. This means an attacker can send maliciously crafted S11 interface messages to the affected Open5GS version (2.7.0 through 2.7.6) to cause the software to hit an assertion, leading to a crash or denial of service. The CVSS 4.0 base score is 6.9, reflecting medium severity due to the lack of confidentiality, integrity, or availability impact beyond service disruption, and the ease of remote exploitation without privileges. The vulnerability has been publicly disclosed and fixed in versions beyond 2.7.6, but no active exploitation has been reported in the wild. Given Open5GS's role in 5G core networks, this vulnerability could disrupt mobile network services if exploited.

The primary impact of CVE-2025-15530 is denial of service (DoS) against 5G core network components running vulnerable Open5GS versions. This can lead to service outages or degraded network performance affecting mobile subscribers relying on the affected infrastructure. Since Open5GS is used by telecom operators, research labs, and private 5G deployments worldwide, exploitation could disrupt user data forwarding and session management, impacting voice, data, and IoT services. The vulnerability does not appear to allow data leakage or privilege escalation, limiting its impact to availability. However, given the critical nature of 5G core networks, even temporary outages can have significant operational and financial consequences. Organizations running vulnerable versions risk network instability and potential reputational damage if services are interrupted. The lack of authentication and user interaction requirements increases the risk of remote exploitation by attackers with network access to the S11 interface.

To mitigate CVE-2025-15530, organizations should immediately upgrade Open5GS to versions later than 2.7.6 where the vulnerability is fixed. If upgrading is not immediately feasible, network administrators should implement strict access controls and segmentation on the S11 interface to restrict traffic only to trusted network elements. Deploying intrusion detection or prevention systems (IDS/IPS) capable of monitoring and blocking malformed S11 messages can help detect exploitation attempts. Regularly auditing and monitoring Open5GS logs for assertion failures or crashes can provide early warning of exploitation. Additionally, organizations should follow secure configuration best practices for Open5GS and maintain up-to-date software to reduce exposure to known vulnerabilities. Collaboration with telecom vendors and security communities to share threat intelligence related to Open5GS vulnerabilities is also recommended.