CVE-2025-15532 is a vulnerability discovered in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw exists in the Timer Handler component, where certain processing can be manipulated remotely to cause excessive resource consumption. This leads to a denial-of-service (DoS) condition by exhausting CPU or memory resources, potentially degrading or interrupting 5G core network services. The vulnerability affects Open5GS versions 2.7.0 through 2.7.5. Exploitation requires no authentication or user interaction and can be performed over the network, making it accessible to remote attackers. The CVSS 4.0 score of 6.9 reflects a medium severity with a network attack vector, low attack complexity, and no privileges required. Although no known exploits in the wild have been reported, a public exploit has been released, increasing the risk of exploitation. The issue can be remediated by applying the patch identified by commit c7c131f8d2cb1195ada5e0e691b6868ebcd8a845. Given Open5GS's role in managing 5G core functions such as session management and mobility, this vulnerability poses a risk to the availability and reliability of mobile network services. The flaw does not impact confidentiality or integrity directly but can cause service outages, affecting end users and dependent services.

For European organizations, particularly telecom operators and infrastructure providers using Open5GS, this vulnerability can lead to denial-of-service conditions that disrupt 5G core network operations. Such disruptions can degrade mobile broadband services, IoT connectivity, and critical communications relying on 5G networks. The impact extends to enterprises and public sector entities dependent on 5G for digital transformation, smart city applications, and emergency services. Service outages may result in financial losses, reputational damage, and regulatory scrutiny under EU telecom and data protection regulations. The risk is heightened by the availability of a public exploit and the remote, unauthenticated nature of the attack. Organizations operating in countries with advanced 5G deployments and Open5GS adoption face increased exposure. Maintaining network availability is critical to meet service level agreements and national digital infrastructure resilience goals.

1. Immediately apply the official patch identified by commit c7c131f8d2cb1195ada5e0e691b6868ebcd8a845 to all affected Open5GS instances. 2. Restrict network access to Open5GS management and control interfaces using firewalls and network segmentation to limit exposure to untrusted networks. 3. Implement resource usage monitoring and alerting on Open5GS nodes to detect abnormal CPU or memory consumption indicative of exploitation attempts. 4. Employ rate limiting and traffic filtering to mitigate potential attack traffic targeting the Timer Handler component. 5. Conduct regular vulnerability scanning and penetration testing focused on 5G core network components. 6. Maintain an incident response plan tailored for telecom infrastructure to quickly address potential DoS attacks. 7. Coordinate with upstream vendors and open-source communities for timely updates and threat intelligence sharing. 8. Consider deploying redundant Open5GS instances and load balancing to improve resilience against resource exhaustion attacks.