CVE-2025-15555: Stack-based Buffer Overflow in Open5GS
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue.
AI Analysis
Technical Summary
CVE-2025-15555 is a stack-based buffer overflow vulnerability found in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The vulnerability exists in the function hss_ogs_diam_cx_mar_cb within the src/hss/hss-cx-path.c file, part of the VoLTE Cx-Test component. The issue stems from improper validation and handling of the OGS_KEY_LEN argument, which can be manipulated by an attacker to overflow the stack buffer. This overflow can corrupt adjacent memory, potentially leading to arbitrary code execution, denial of service, or information disclosure. The vulnerability is remotely exploitable without requiring authentication or user interaction, increasing its risk profile. The CVSS 4.0 vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability at a low level (VC:L, VI:L, VA:L). The vulnerability affects Open5GS versions 2.7.0 through 2.7.6. A patch has been released (commit 54dda041211098730221d0ae20a2f9f9173e7a21) to fix the issue by properly validating the OGS_KEY_LEN parameter and preventing buffer overflow. No public exploits have been reported yet, but the nature of the vulnerability makes it a significant concern for operators running vulnerable Open5GS instances in production environments.
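The length check that this class of bug lacks, as an added example; it is not the Open5GS source or its patch. It assumes the common pattern in which a length read from a received Diameter AVP drives a copy into a key buffer of fixed size. KEY_LEN (16 here, standing in for OGS_KEY_LEN), avp_copy_key and the result codes are hypothetical names chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16            /* assumed size; stands in for OGS_KEY_LEN */
#define AVP_FLAG_VENDOR 0x80  /* RFC 6733 'V' bit: Vendor-Id field present */

/* Hypothetical result codes for this example. */
enum { AVP_OK = 0, AVP_TRUNCATED = -1, AVP_BAD_LENGTH = -2 };

/*
 * Copy one Diameter AVP payload into a fixed KEY_LEN buffer.
 * AVP layout (RFC 6733): 4-byte code, 1-byte flags, 3-byte length that
 * covers header plus data, then an optional 4-byte Vendor-Id.
 * The unsafe pattern is memcpy(out, data, data_len) with data_len taken
 * from the message; here the length is validated before any copy.
 */
int avp_copy_key(const uint8_t *avp, size_t avail, uint8_t out[KEY_LEN])
{
    if (avail < 8)
        return AVP_TRUNCATED;               /* no complete header */

    size_t hdr = (avp[4] & AVP_FLAG_VENDOR) ? 12 : 8;
    size_t declared = ((size_t)avp[5] << 16) | ((size_t)avp[6] << 8) | avp[7];
    if (declared < hdr || declared > avail)
        return AVP_TRUNCATED;               /* length field exceeds received bytes */

    if (declared - hdr != KEY_LEN)
        return AVP_BAD_LENGTH;              /* payload would not fit the key buffer */

    memcpy(out, avp + hdr, KEY_LEN);
    return AVP_OK;
}

/* Constructed samples: a 16-byte payload and an oversized 32-byte payload. */
static const uint8_t sample_ok[24] = {0, 0, 0, 0, 0, 0, 0, 24,
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16};
static const uint8_t sample_long[40] = {0, 0, 0, 0, 0, 0, 0, 40};

int main(void)
{
    uint8_t key[KEY_LEN];
    printf("ok=%d long=%d\n",
           avp_copy_key(sample_ok, sizeof sample_ok, key),
           avp_copy_key(sample_long, sizeof sample_long, key));
    return 0;
}
```

A rejected AVP is also a useful log event: a key-bearing AVP whose payload length differs from the expected key size is the kind of anomalous DIAMETER message the mitigation section suggests monitoring for.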
Potential Impact
For European organizations, especially telecom operators and mobile network providers deploying Open5GS as part of their 5G core infrastructure, this vulnerability poses a risk of remote compromise. Exploitation could allow attackers to execute arbitrary code or cause denial of service, disrupting critical telecommunications services such as VoLTE and other 5G functionalities. This could lead to service outages, data leakage, or manipulation of network signaling messages, impacting subscriber confidentiality and network integrity. Given the increasing reliance on 5G networks for critical communications, industrial IoT, and emergency services, the potential impact extends beyond typical IT disruptions to affect public safety and economic activities. The medium severity rating suggests that while exploitation is feasible, the impact is somewhat limited, but the critical nature of telecom infrastructure elevates the operational risk. Organizations failing to patch promptly may face targeted attacks or collateral damage from opportunistic threat actors scanning for vulnerable Open5GS deployments.
Mitigation Recommendations
European organizations should immediately assess their Open5GS deployments to identify affected versions (2.7.0 through 2.7.6). The primary mitigation is to apply the official patch referenced by commit 54dda041211098730221d0ae20a2f9f9173e7a21, which corrects the buffer overflow by validating the OGS_KEY_LEN parameter. Network segmentation should be enforced to restrict access to the VoLTE Cx-Test interface, limiting exposure to untrusted networks. Deploying intrusion detection and prevention systems (IDS/IPS) with signatures tuned to detect anomalous DIAMETER protocol messages may help identify exploitation attempts. Regularly auditing and monitoring logs for unusual activity related to the hss_ogs_diam_cx_mar_cb function or DIAMETER signaling can provide early warning. Organizations should also review their incident response plans for telecom infrastructure compromises and ensure backups and failover mechanisms are tested. Finally, engaging with Open5GS community updates and security advisories will help maintain awareness of emerging threats and patches.
Affected Countries
Germany, France, Italy, Spain, United Kingdom, Netherlands, Sweden, Finland, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2026-02-02T19:02:29.323Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6983afd5f9fa50a62fabdb1f
Added to database: 2/4/2026, 8:45:09 PM
Last enriched: 2/4/2026, 9:02:01 PM
Last updated: 2/6/2026, 9:32:16 AM