PT-2026-3328 · Open5Gs · Open5Gs
Ziyulin
·
Published
2026-01-16
·
Updated
2026-02-09
·
CVE-2025-15529
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Open5GS versions up to 2.7.6
Description
A denial-of-service issue exists in Open5GS, specifically within the SGW-C (Serving Gateway Control plane) component. The issue resides in the handling of Create Session Response messages and affects the
sgwc s5c handle create session response function located in the src/sgwc/s5c-handler.c file. An attacker can trigger this issue, causing the SGWC process to crash and leading to service disruption. Remote exploitation is possible.Recommendations
Versions up to 2.7.6 should deploy the patch b19cf6a2dbf5d30811be4488bf059c865bd7d1d2.
Exploit
Fix
DoS
Improper Resource Release
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Open5Gs