CVE-2025-52322 is a high-severity vulnerability affecting Open5GS version 2.7.2 and earlier. Open5GS is an open-source implementation of the 5G core network, widely used for research, testing, and some production deployments of 5G mobile networks. The vulnerability resides in the Session Management Function (SMF), specifically the Packet Gateway Control Plane (PGW-C) component. An attacker can send a specially crafted Create Session Request message containing the IP address of a legitimate User Equipment (UE) in the PDN Address Allocation (PAA) field. This malformed request triggers a denial of service (DoS) condition in the SMF, causing it to crash or become unresponsive. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption), indicating that the crafted message causes resource exhaustion or improper handling of input leading to service disruption. The CVSS v3.1 base score is 7.5, reflecting a high impact on availability with no requirements for privileges or user interaction, and the attack vector is network-based. This means any remote attacker with network access to the SMF can exploit this vulnerability without authentication. No known exploits are currently reported in the wild, and no patches have been linked yet, suggesting that mitigation may require vendor updates or configuration changes once available. The vulnerability does not impact confidentiality or integrity but solely targets availability, potentially disrupting 5G core network operations and service continuity for subscribers.

For European organizations, especially telecom operators and infrastructure providers deploying Open5GS or similar 5G core network components, this vulnerability poses a significant risk. Exploitation could lead to denial of service of the SMF, a critical network function responsible for session management and IP address allocation. This disruption can cause widespread service outages affecting mobile subscribers, impacting voice, data, and emergency services. Given the increasing reliance on 5G for critical infrastructure, IoT, and enterprise connectivity in Europe, such outages could have cascading effects on business operations, public safety, and economic activities. Additionally, the attack requires no authentication and can be launched remotely, increasing the threat surface. European telecom providers using Open5GS in testbeds or production should be aware that attackers could leverage this vulnerability to degrade network reliability or as part of a larger attack campaign targeting 5G infrastructure. The lack of known exploits currently provides a window for proactive mitigation, but the high severity score underscores the urgency of addressing this issue.

1. Immediate mitigation should include network-level filtering to restrict access to the SMF interfaces, allowing only trusted network segments and management systems to communicate with the SMF. 2. Implement anomaly detection and rate limiting on the Create Session Request messages to identify and block malformed or suspicious traffic patterns. 3. Monitor SMF logs and performance metrics closely for signs of resource exhaustion or crashes related to session creation requests. 4. Engage with Open5GS maintainers and community to obtain patches or updated versions that address this vulnerability as soon as they become available. 5. Consider deploying redundant SMF instances with failover capabilities to minimize service disruption in case of an attack. 6. Conduct regular security assessments and penetration testing focused on 5G core components to identify and remediate similar vulnerabilities proactively. 7. For organizations using Open5GS in non-production environments, isolate these environments from production networks to prevent lateral movement or accidental exploitation.