CVE-2025-15530: Reachable Assertion in Open5GS
A vulnerability was found in Open5GS up to 2.7.6. It affects the function sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request in the file /src/sgwc/s11-handler.c. Manipulation leads to a reachable assertion. The attack can be executed remotely. The exploit has been publicly disclosed and may be used. The issue report is flagged as already-fixed.
AI Analysis
Technical Summary
CVE-2025-15530 is a vulnerability identified in the Open5GS project, an open-source implementation of the 5G core network. The flaw exists in the sgwc_s11_handle_create_indirect_data_forwarding_tunnel_request function within the sgwc component, specifically in the s11-handler.c source file. This function handles requests related to creating indirect data forwarding tunnels, a critical operation in 5G user plane management. The vulnerability manifests as a reachable assertion failure, which can be triggered remotely without authentication or user interaction. When exploited, this assertion failure can cause the affected process to terminate unexpectedly, leading to a denial of service (DoS) condition. The CVSS 4.0 score of 6.9 reflects a medium severity level, considering the ease of remote exploitation and the impact limited primarily to availability. The vulnerability affects Open5GS versions from 2.7.0 through 2.7.6, with the issue reportedly fixed in subsequent releases. Although the exploit code has been publicly disclosed, there are no confirmed reports of active exploitation in operational environments. Given Open5GS's role in 5G core networks, this vulnerability could disrupt user plane data forwarding, impacting network reliability and service continuity.
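The failure mode described above, as an added C example (not Open5GS code and not from this page): a handler that asserts on conditions the peer controls, beside one that validates them and rejects the request. The struct, result codes and function names are hypothetical.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#define MAX_BEARERS 4

/* Hypothetical, simplified request; not an Open5GS structure. */
typedef struct {
    bool has_session;     /* did the session lookup for this request succeed? */
    size_t num_bearers;   /* bearer contexts the peer put in the message */
} tunnel_req_t;

/* Result codes constructed for this example. */
typedef enum { REQ_ACCEPTED, REQ_CONTEXT_NOT_FOUND,
               REQ_IE_MISSING, REQ_IE_INCORRECT } req_cause_t;

/* Before: peer-controlled conditions are asserted, so one malformed
 * request aborts the whole process (reachable assertion). */
req_cause_t handle_asserting(const tunnel_req_t *req)
{
    assert(req->has_session);
    assert(req->num_bearers > 0 && req->num_bearers <= MAX_BEARERS);
    return REQ_ACCEPTED;
}

/* After: the same conditions are input validation; reject and keep serving. */
req_cause_t handle_validating(const tunnel_req_t *req)
{
    if (req == NULL || !req->has_session) return REQ_CONTEXT_NOT_FOUND;
    if (req->num_bearers == 0) return REQ_IE_MISSING;
    if (req->num_bearers > MAX_BEARERS) return REQ_IE_INCORRECT;
    return REQ_ACCEPTED;
}

/* Serve a batch with the validating handler; returns how many were rejected. */
size_t serve_batch(const tunnel_req_t *reqs, size_t n)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++)
        if (handle_validating(&reqs[i]) != REQ_ACCEPTED) rejected++;
    return rejected;
}

int main(void)
{
    tunnel_req_t batch[] = { {true, 1}, {false, 1}, {true, 0}, {true, 9} }; /* constructed */
    printf("rejected %zu of 4, process still running\n", serve_batch(batch, 4));
    return 0;
}
```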
Potential Impact
For European organizations deploying Open5GS as part of their 5G core infrastructure, this vulnerability poses a risk of service disruption through denial of service attacks. The reachable assertion can cause the session gateway component to crash, interrupting data forwarding tunnels essential for user data transmission. This can degrade network availability and quality of service, affecting end users and enterprise customers relying on 5G connectivity. Critical sectors such as telecommunications providers, industrial automation, and public safety networks that depend on stable 5G services may experience operational impacts. Additionally, since the exploit requires no authentication and can be triggered remotely, attackers could potentially launch DoS attacks from external networks, increasing the threat surface. Although confidentiality and integrity are not directly impacted, the availability degradation could have cascading effects on dependent services and applications. The medium severity rating suggests a moderate but non-negligible risk, emphasizing the need for timely remediation to maintain network resilience.
Mitigation Recommendations
European organizations should immediately upgrade Open5GS deployments to versions later than 2.7.6 where the vulnerability is fixed. In environments where immediate patching is not feasible, implementing network-level protections such as filtering and rate limiting on the S11 interface can reduce exposure to malicious tunnel creation requests. Monitoring and anomaly detection systems should be configured to alert on unusual or malformed S11 signaling messages indicative of exploitation attempts. Network segmentation and strict access controls on 5G core network components can limit the attack surface. Additionally, organizations should maintain up-to-date inventories of Open5GS versions in use and validate that all instances are patched. Engaging with Open5GS community updates and security advisories will help stay informed about further developments. Finally, conducting regular penetration testing and resilience assessments on 5G core infrastructure can identify residual risks and improve incident response readiness.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-01-16T16:35:50.053Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 696b6e71d302b072d9eca41d
Added to database: 1/17/2026, 11:11:45 AM
Last enriched: 1/24/2026, 7:33:34 PM
Last updated: 2/6/2026, 6:29:52 AM