CVE-2025-15555 is a security vulnerability found in Open5GS, an open-source implementation of the 5G core network. The issue exists in the function hss_ogs_diam_cx_mar_cb located in the src/hss/hss-cx-path.c file, which is part of the VoLTE Cx-Test component. The vulnerability is a stack-based buffer overflow triggered by manipulation of the OGS_KEY_LEN argument, which controls the length of a buffer on the stack. Because the input length is not properly validated, an attacker can supply a crafted argument that causes the function to write beyond the allocated stack buffer boundaries. This type of overflow can corrupt adjacent memory, potentially allowing an attacker to crash the service (denial of service) or execute arbitrary code with the privileges of the Open5GS process. The vulnerability can be exploited remotely without requiring authentication or user interaction, increasing its risk profile. The flaw affects all Open5GS versions from 2.7.0 through 2.7.6. The developers have released a patch (commit 54dda041211098730221d0ae20a2f9f9173e7a21) to fix the issue by properly validating the OGS_KEY_LEN argument and preventing buffer overflow. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no privileges or user interaction required, and limited impact on confidentiality, integrity, and availability, resulting in a medium severity rating. No public exploits or active exploitation campaigns have been reported so far, but the vulnerability poses a significant risk to 5G core network deployments using Open5GS.

The vulnerability could have serious consequences for organizations deploying Open5GS as part of their 5G core network infrastructure. Exploitation may lead to denial of service by crashing critical network functions, disrupting voice over LTE (VoLTE) and other 5G services. More critically, if exploited for arbitrary code execution, attackers could gain control over the affected network components, potentially intercepting or manipulating sensitive telecommunications data. This could undermine network integrity and confidentiality, impacting service providers and their customers. Given the remote, unauthenticated nature of the exploit, attackers could launch attacks from anywhere on the internet, increasing the threat surface. Disruptions in 5G core networks can have cascading effects on dependent services, including emergency communications, IoT devices, and enterprise connectivity. The lack of known exploits in the wild reduces immediate risk but does not eliminate the potential for future attacks, especially as threat actors often target telecom infrastructure. Organizations failing to patch may face regulatory and reputational damage if exploited.

Organizations should immediately apply the official patch identified by commit 54dda041211098730221d0ae20a2f9f9173e7a21 to all affected Open5GS instances running versions 2.7.0 through 2.7.6. Network administrators should audit their Open5GS deployments to confirm version and patch status. Implement network segmentation and firewall rules to restrict access to Open5GS management and signaling interfaces, limiting exposure to untrusted networks. Employ runtime protections such as stack canaries, address space layout randomization (ASLR), and control flow integrity (CFI) where supported to mitigate exploitation impact. Monitor network and system logs for unusual activity or crashes related to the hss_ogs_diam_cx_mar_cb function. Conduct regular vulnerability assessments and penetration tests focused on telecom infrastructure components. Maintain an incident response plan tailored to telecom network compromises. Engage with Open5GS community and security advisories for updates on emerging threats or additional patches.