Vulnerability Description
A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack must be carried out locally. The exploit is publicly available and might be used. The name of the patch is 465273d13ba5d47b274c38c9d1b07f04859178a1. A patch should be applied to remediate this issue.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open5Gs | Open5Gs | <= 2.7.6 |
Related Weaknesses (CWE)
References
- https://github.com/open5gs/open5gs/
- https://github.com/open5gs/open5gs/commit/465273d13ba5d47b274c38c9d1b07f04859178Patch
- https://github.com/open5gs/open5gs/issues/4203ExploitIssue TrackingVendor Advisory
- https://github.com/open5gs/open5gs/issues/4203#issue-3719257558ExploitIssue TrackingVendor Advisory
- https://github.com/open5gs/open5gs/issues/4203#issuecomment-3681643498ExploitIssue TrackingVendor Advisory
- https://vuldb.com/?ctiid.339339Permissions RequiredVDB Entry
- https://vuldb.com/?id.339339Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.727616Third Party AdvisoryVDB Entry
- https://github.com/open5gs/open5gs/issues/4203#issue-3719257558ExploitIssue TrackingVendor Advisory
FAQ
What is CVE-2025-15417?
CVE-2025-15417 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such ...
How severe is CVE-2025-15417?
CVE-2025-15417 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15417?
Check the references section above for vendor advisories and patch information. Affected products include: Open5Gs Open5Gs.