CVE-2025-15419
BaseFortify
Publication date: 2026-01-02
Last updated on: 2026-04-29
Assigner: VulDB
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | up to and including 2.7.6 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15419 is a denial of service (DoS) vulnerability in Open5GS versions up to 2.7.6, specifically in the SGW-C (Serving Gateway Control plane) component's GTPv2-C Flow Handler. The flaw occurs in the function sgwc_s5c_handle_create_session_response due to improper handling of crafted GTPv2-C session setup messages missing mandatory Tunnel Endpoint Identifiers (TEIDs). This leads to assertion failures in the PFCP (Packet Forwarding Control Protocol) code, causing the SGW-C process to abort and crash (core dump). The attack requires local access and can be exploited using publicly available proof-of-concept tools. The root cause is improper resource handling and validation of mandatory Information Elements during session creation, resulting in system unavailability. [1, 3, 4]
How can this vulnerability impact me?
This vulnerability can cause the Open5GS SGW-C component to crash and become unavailable, resulting in a denial of service condition. This impacts system availability and can disrupt network services relying on Open5GS, potentially causing outages or degraded performance. Since the attack requires local access, an attacker with such access can exploit this flaw to interrupt service operations. The availability impact is considered low severity but can still affect critical network functions. [1, 3, 4]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring the Open5GS SGW-C logs for error messages related to missing GTP TEIDs and assertion failures in the PFCP code, specifically messages like "No GTP TEID" followed by fatal assertion failures causing process aborts or core dumps. Additionally, detection can involve running the publicly available proof-of-concept exploit to verify if the system is vulnerable. Since the attack requires local access and involves crafted GTPv2-C messages, network detection would focus on observing abnormal GTPv2-C session setup flows or crashes in the SGW-C component. Specific commands are not provided in the resources, but checking system logs for core dumps and error messages related to sgwc_s5c_handle_create_session_response and PFCP assertion failures is recommended. [4]
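The log check described above, as an added example that is not part of the original page or of Open5GS: it flags a "No GTP TEID" error that is followed within a short window by a FATAL assertion line. The log line layout, the 2-second window, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed line layout: "MM/DD HH:MM:SS.mmm: [domain] LEVEL: message"
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d\.\d{3}): \[(?P<dom>\w+)\] "
    r"(?P<level>\w+): (?P<msg>.*)$"
)

# Constructed sample log (not captured from a real system).
SAMPLE_LOG = """\
01/02 10:15:01.120: [sgwc] INFO: session setup started
01/02 10:15:01.431: [sgwc] ERROR: No GTP TEID
01/02 10:15:01.432: [pfcp] FATAL: Assertion failed
01/02 10:20:44.008: [sgwc] ERROR: No GTP TEID
01/02 10:20:44.500: [sgwc] ERROR: session setup rejected
01/02 11:02:13.900: [pfcp] FATAL: Assertion failed
"""

def parse_ts(ts):
    # The timestamp carries no year; 2000 is used so that 02/29 still parses.
    return datetime.strptime("2000/" + ts, "%Y/%m/%d %H:%M:%S.%f")

def find_crash_signatures(lines, window=timedelta(seconds=2)):
    """Return (teid_error_ts, fatal_ts) pairs where a "No GTP TEID" error
    is followed by a FATAL assertion line within `window`."""
    hits = []
    pending = None  # (raw timestamp, parsed time) of the last unmatched TEID error
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a log line in the assumed layout
        now = parse_ts(m["ts"])
        # Forget a TEID error once the window has passed or the clock went backwards.
        if pending and not timedelta(0) <= now - pending[1] <= window:
            pending = None
        if m["level"] == "ERROR" and "No GTP TEID" in m["msg"]:
            pending = (m["ts"], now)
        elif m["level"] == "FATAL" and pending and re.search("assert", m["msg"], re.I):
            hits.append((pending[0], m["ts"]))
            pending = None
    return hits

if __name__ == "__main__":
    for err_ts, fatal_ts in find_crash_signatures(SAMPLE_LOG.splitlines()):
        print(f"possible CVE-2025-15419 crash: TEID error {err_ts}, abort {fatal_ts}")
```

A "No GTP TEID" error with no abort after it, as in the second sample pair, is not flagged; it is the pairing with a FATAL assertion that indicates the crash described here.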
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the official patch identified by commit 5aaa09907e7b9e0a326265a5f08d56f54280b5f2 to Open5GS. This patch improves validation of mandatory Information Elements in Create Session Response messages, adds proper error handling and logging, and prevents the assertion failure that leads to denial of service. Promptly updating Open5GS to a version including this patch will eliminate the vulnerability. Additionally, restricting local access to the system to trusted users can reduce the risk since the attack requires local access. [1, 2]