PT-2026-1035 · Open5Gs · Open5Gs
Linziyu
·
Published
2026-01-02
·
Updated
2026-01-05
·
CVE-2025-15419
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Open5GS versions through 2.7.6
Description
A weakness exists in Open5GS that can lead to a denial of service. The issue is related to the
sgwc s5c handle create session response function within the src/sgwc/s5c-handler.c file of the GTPv2-C Flow Handler component. Exploitation requires local access. The exploit has been publicly released.Recommendations
Apply patch 5aaa09907e7b9e0a326265a5f08d56f54280b5f2.
Exploit
Fix
DoS
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open5Gs