CVE-2025-15531 is a vulnerability identified in the Open5GS project, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw resides in the sgwc_bearer_add function within the src/sgwc/context.c source file, where improper handling of input or state leads to a reachable assertion failure. This assertion can be triggered remotely without requiring any authentication or user interaction, making exploitation feasible over the network. The assertion failure typically results in a denial-of-service (DoS) condition by crashing or destabilizing the Serving Gateway Control Plane (SGWC) component, which is critical for bearer management in 5G networks. The vulnerability affects Open5GS versions 2.7.0 through 2.7.5 and has been publicly disclosed with an available exploit, although no widespread exploitation in the wild has been reported. The issue has been addressed in subsequent patches, emphasizing the importance of upgrading. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and a medium impact on availability (VA:L), resulting in a score of 6.9. This vulnerability highlights risks in open-source 5G core components that underpin critical telecommunications infrastructure.

For European organizations, especially telecom operators and infrastructure providers deploying Open5GS as part of their 5G core network, this vulnerability poses a significant risk of service disruption. The reachable assertion can cause the SGWC component to crash, leading to denial of service for bearer management functions, which are essential for maintaining active user sessions and data flows. This can degrade network availability and quality of service, impacting both enterprise and consumer users. Given the remote exploitability without authentication, attackers could disrupt services from outside the network perimeter. The availability impact could cascade to affect emergency services, IoT deployments, and critical communications reliant on 5G networks. Additionally, organizations relying on Open5GS for private 5G networks in industrial or governmental contexts may face operational interruptions. The public availability of exploits increases the urgency for mitigation. However, no direct confidentiality or integrity compromise is indicated, limiting the impact primarily to availability.

To mitigate CVE-2025-15531, European organizations should immediately upgrade Open5GS installations to versions beyond 2.7.5 where the vulnerability is fixed. If upgrading is not immediately feasible, applying any available patches or workarounds recommended by the Open5GS community is critical. Network operators should implement strict network segmentation and firewall rules to restrict access to the SGWC interfaces, limiting exposure to untrusted networks. Continuous monitoring of SGWC logs and system health metrics can help detect abnormal crashes or assertion failures indicative of exploitation attempts. Employing intrusion detection systems (IDS) tuned for Open5GS anomalies can provide early warning. Additionally, organizations should conduct thorough audits of their 5G core deployments to identify any legacy or vulnerable Open5GS instances. Coordinating with national cybersecurity agencies and telecom regulators for threat intelligence sharing will enhance situational awareness. Finally, incorporating robust incident response plans specific to 5G core disruptions will improve resilience against potential attacks exploiting this vulnerability.