CVE-2025-52322: n/a
An issue in Open5GS v2.7.2 and before allows a remote attacker to cause a denial of service via a crafted Create Session Request message to the SMF (PGW-C), using the IP address of a legitimate UE in the PDN Address Allocation (PAA) field.
AI Analysis
Technical Summary
CVE-2025-52322 is a vulnerability identified in Open5GS version 2.7.2 and earlier, which affects the Session Management Function (SMF), also known as the Packet Gateway Control plane (PGW-C), within the 5G core network infrastructure. The flaw allows a remote attacker to trigger a denial of service (DoS) condition by sending a specially crafted Create Session Request message. This message manipulates the PDN Address Allocation (PAA) field by inserting the IP address of a legitimate User Equipment (UE). The vulnerability arises because the SMF improperly handles this crafted request, leading to resource exhaustion or service disruption. Since the SMF is critical for managing session establishment and IP address allocation in 5G networks, exploitation can interrupt subscriber connectivity and degrade network availability. The attack does not require authentication or user interaction, enabling remote exploitation by an unauthenticated attacker with network access to the SMF interface. No CVSS score has been assigned yet, and no known exploits have been reported in the wild as of the publication date. However, the potential for disruption in 5G core network operations makes this a significant concern for operators using vulnerable Open5GS versions.
Potential Impact
For European organizations, particularly telecom operators and service providers deploying Open5GS as part of their 5G core network infrastructure, this vulnerability poses a risk of service outages and degraded network performance. Disruption of the SMF can lead to denial of service for subscribers, impacting both consumer and enterprise customers relying on 5G connectivity. This can affect critical services such as IoT deployments, emergency communications, and industrial automation that depend on reliable 5G sessions. Additionally, prolonged outages could result in regulatory penalties under EU telecom regulations and damage to operator reputation. Given the increasing reliance on 5G networks across Europe, the impact extends beyond telecom providers to sectors such as healthcare, transportation, and finance that utilize 5G connectivity for mission-critical applications.
Mitigation Recommendations
Operators should prioritize upgrading Open5GS to versions beyond 2.7.2 where this vulnerability is addressed. In the absence of an official patch, network administrators should implement strict filtering and validation of Create Session Request messages at the SMF interface to detect and block malformed requests containing suspicious PDN Address Allocation fields. Deploying anomaly detection systems to monitor unusual session creation patterns can help identify exploitation attempts early. Network segmentation and limiting exposure of the SMF control plane to trusted management networks reduce the attack surface. Additionally, operators should conduct thorough security assessments and penetration testing focused on 5G core components to identify similar weaknesses. Maintaining up-to-date threat intelligence feeds and collaborating with vendors and CERTs will facilitate timely response to emerging exploits.
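One way to implement the PAA validation described above, as an added example (not Open5GS code and not part of the original advisory): a passive check that parses the IMSI and PAA IEs of a GTPv2-C Create Session Request and flags a requested IPv4 address that is already leased to a different IMSI. The `LEASES` table, the function names and the sample bytes are assumptions constructed for illustration; header and IE layouts follow 3GPP TS 29.274.

```python
import ipaddress
import struct
CREATE_SESSION_REQUEST = 32    # GTPv2-C message type (3GPP TS 29.274)
IE_IMSI, IE_PAA = 1, 79        # IE type codes (3GPP TS 29.274)

def parse_ies(msg: bytes) -> dict:
    """Return {ie_type: value} for the top-level IEs of a Create Session Request."""
    if len(msg) < 8 or msg[0] >> 5 != 2 or msg[1] != CREATE_SESSION_REQUEST:
        raise ValueError("not a GTPv2-C Create Session Request")
    end = 4 + struct.unpack("!H", msg[2:4])[0]      # length excludes first 4 octets
    if end > len(msg):
        raise ValueError("truncated message")
    pos, ies = (12 if msg[0] & 0x08 else 8), {}     # T flag set: TEID present
    while pos + 4 <= end:
        ie_type, ie_len = msg[pos], struct.unpack("!H", msg[pos + 1:pos + 3])[0]
        if pos + 4 + ie_len > end:
            raise ValueError("IE overruns message")
        ies.setdefault(ie_type, msg[pos + 4:pos + 4 + ie_len])
        pos += 4 + ie_len
    return ies

def decode_imsi(tbcd: bytes) -> str:
    """TBCD: low nibble is the first digit of each pair, 0xF pads odd lengths."""
    return "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in tbcd).rstrip("f")

def paa_ipv4(paa: bytes):
    """IPv4 address carried in a PAA value, or None if absent or 0.0.0.0."""
    pdn_type = paa[0] & 0x07 if paa else 0
    if pdn_type == 1 and len(paa) >= 5:          # IPv4
        raw = paa[1:5]
    elif pdn_type == 3 and len(paa) >= 22:       # IPv4v6: prefix len, IPv6, IPv4
        raw = paa[18:22]
    else:
        return None
    addr = ipaddress.IPv4Address(raw)
    return None if addr.is_unspecified else addr

def check_request(msg: bytes, leases: dict):
    """Alert text if the PAA names an address leased to a different IMSI, else None."""
    ies = parse_ies(msg)
    imsi, addr = decode_imsi(ies.get(IE_IMSI, b"")), paa_ipv4(ies.get(IE_PAA, b""))
    owner = leases.get(str(addr)) if addr is not None else None
    if owner and owner != imsi:
        return f"PAA {addr} requested by IMSI {imsi} is leased to IMSI {owner}"
    return None

# Constructed sample: header + IMSI IE + PAA IE only (not a complete request).
SAMPLE = bytes.fromhex("4820001d0000000000000100" "0100080000010100000000f2" "4f000500010a2d0002")
LEASES = {"10.45.0.2": "001010000000001"}   # hypothetical SMF lease table: IP -> IMSI
```

In a deployment the lease table would be fed from the SMF's own session state. Requests carrying PAA 0.0.0.0 (dynamic allocation) and requests from the IMSI that already holds the address are not flagged.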
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-06-16T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 68c0456a12a58f153632f07b
Added to database: 9/9/2025, 3:19:06 PM
Last enriched: 9/9/2025, 3:20:03 PM
Last updated: 9/10/2025, 12:36:45 AM