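A security flaw has been discovered in Open5GS up to 2.7.6. The vulnerability affects the function ogs_gtp2_parse_bearer_qos in the file lib/gtp/v2/types.c, part of the component Bearer QoS IE Length Handler. A manipulation results in denial of service. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is identified by commit 4e913d21f2c032b187815f063dbab5ebe65fe83a. To fix this issue, it is recommended to deploy the patch. The signatures listed with this record also cover ogs_gtp2_parse_flow_qos in the same file and request handlers in src/smf/s5c-handler.c and src/sgwc/s11-handler.c, so a backport of the patch should be checked against all of those files and not only the named function.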
"2026-04-12T17:59:05Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15418.json"
[
{
"deprecated": false,
"signature_type": "Function",
"digest": {
"length": 6480.0,
"function_hash": "329856717526135119538908501081309074977"
},
"signature_version": "v1",
"source": "https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a",
"id": "CVE-2025-15418-344e40a9",
"target": {
"function": "smf_s5c_handle_bearer_resource_command",
"file": "src/smf/s5c-handler.c"
}
},
{
"deprecated": false,
"signature_type": "Function",
"digest": {
"length": 727.0,
"function_hash": "262021341753079432219969879458940109913"
},
"signature_version": "v1",
"source": "https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a",
"id": "CVE-2025-15418-9a51eb7a",
"target": {
"function": "ogs_gtp2_parse_flow_qos",
"file": "lib/gtp/v2/types.c"
}
},
{
"deprecated": false,
"signature_type": "Function",
"digest": {
"length": 11155.0,
"function_hash": "334754483001972696561882239704900007849"
},
"signature_version": "v1",
"source": "https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a",
"id": "CVE-2025-15418-9d9cac0b",
"target": {
"function": "smf_s5c_handle_create_session_request",
"file": "src/smf/s5c-handler.c"
}
},
{
"deprecated": false,
"signature_type": "Function",
"digest": {
"length": 926.0,
"function_hash": "329543839650726335680745584138883459068"
},
"signature_version": "v1",
"source": "https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a",
"id": "CVE-2025-15418-9dc78d6d",
"target": {
"function": "ogs_gtp2_parse_bearer_qos",
"file": "lib/gtp/v2/types.c"
}
},
{
"deprecated": false,
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"271787626993316706612311793198602220882",
"34416988402101326454032227536139984885",
"179813625722567220070921758403395652106",
"221236605691055841650700751255992345839",
"17900012746073832029826838916377672180",
"233918127460046955881258459356091673589",
"250377685072779835463703405982750974556",
"219026633566056177263328640862594893181",
"296042967273174158016797132664340132532"
]
},
"signature_version": "v1",
"source": "https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a",
"id": "CVE-2025-15418-a95c6748",
"target": {
"file": "src/sgwc/s11-handler.c"
}
},
{
"deprecated": false,
"signature_type": "Function",
"digest": {
"length": 6859.0,
"function_hash": "311099909318344056909886222032198522867"
},
"signature_version": "v1",
"source": "https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a",
"id": "CVE-2025-15418-b63a82f3",
"target": {
"function": "sgwc_s11_handle_create_session_request",
"file": "src/sgwc/s11-handler.c"
}
},
{
"deprecated": false,
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"38017208817774213280761318325198808243",
"94778990074870973103764001698954719788",
"293952141973511384287253858566818605179",
"62459825060639851175851586711345633876",
"119656504876539921024875035932767600338",
"106439372501869024052676058613784157830",
"77752825217197064868589875231714434164",
"135030088737795206721133498895998630218"
]
},
"signature_version": "v1",
"source": "https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a",
"id": "CVE-2025-15418-b696ff7a",
"target": {
"file": "lib/gtp/v2/types.c"
}
},
{
"deprecated": false,
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"17900012746073832029826838916377672180",
"233918127460046955881258459356091673589",
"23324592745127388020659963800782293316",
"310057843973907710296736236795589457203",
"209497877899117009696403147489162057155",
"244453898215795457968753487324032732379",
"288593856561153794639183289813241745516",
"38971648597017693172464169314442165626",
"121795992113260316089958538858551953653"
]
},
"signature_version": "v1",
"source": "https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a",
"id": "CVE-2025-15418-c57b8fed",
"target": {
"file": "src/smf/s5c-handler.c"
}
}
]