CVE-2025-15419
- Source
- https://cve.org/CVERecord?id=CVE-2025-15419
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15419.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-15419
- Published
- 2026-01-02T01:15:50.053Z
- Modified
- 2026-03-15T21:45:01.248874Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwcs5chandlecreatesession_response of the file src/sgwc/s5c-handler.c of the component GTPv2-C Flow Handler. Executing a manipulation can lead to denial of service. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. This patch is called 5aaa09907e7b9e0a326265a5f08d56f54280b5f2. It is advisable to implement a patch to correct this issue.
- References
-
- https://github.com/open5gs/open5gs/
- https://vuldb.com/?id.339341
- https://vuldb.com/?submit.728044
- https://github.com/open5gs/open5gs/issues/4224#issuecomment-3698521008
- https://vuldb.com/?ctiid.339341
- https://github.com/open5gs/open5gs/issues/4224
- https://github.com/open5gs/open5gs/issues/4224#issue-3766767406
- https://github.com/open5gs/open5gs/commit/5aaa09907e7b9e0a326265a5f08d56f54280b5f2
Affected packages
Git / github.com/open5gs/open5gs
Affected versions
v0.*
v0.1.0
v0.1.1
v0.2.0
v0.3.0
v0.3.1
v0.3.10
v0.3.11
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3.0
v2.*
v2.0.0
v2.0.18
v2.0.22
v2.1.0
v2.1.1
v2.1.3
v2.1.4
v2.1.5
v2.1.7
v2.2.0
v2.2.1
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.0
v2.3.1
v2.3.2
v2.3.6
v2.4.0
v2.4.1
v2.4.3
v2.4.4
v2.4.5
v2.4.7
v2.4.8
v2.4.9
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.7.5
v2.7.6
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15419.json"
vanir_signatures
[
{
"signature_version": "v1",
"target": {
"file": "src/sgwc/s5c-handler.c",
"function": "sgwc_s5c_handle_create_session_response"
},
"source": "https://github.com/open5gs/open5gs/commit/5aaa09907e7b9e0a326265a5f08d56f54280b5f2",
"deprecated": false,
"digest": {
"function_hash": "319536530483126889520863003272388873969",
"length": 6005.0
},
"id": "CVE-2025-15419-513f31d0",
"signature_type": "Function"
},
{
"signature_version": "v1",
"target": {
"file": "src/sgwc/s5c-handler.c"
},
"source": "https://github.com/open5gs/open5gs/commit/5aaa09907e7b9e0a326265a5f08d56f54280b5f2",
"deprecated": false,
"digest": {
"line_hashes": [
"125970405200960072721228423458005077289",
"114995248204164597080627566710160021315",
"253787162956947655926546149238622970612",
"240807996922403352962561782991405199971",
"177137073638519550199354656925353811621",
"332617364858045463923722375192883340994",
"270462229494557606265608540469119562277",
"202151965711690225546275554130146457549",
"238231552715623090011064448729790937480",
"59040815940222866490132467285198926960",
"55875453677578459513771356314669003570",
"103757702672386911222386735320720087527",
"281499736484087160162728230702969757117",
"35220593799703970426335056141539572068",
"43643264944697389744295841433576492953",
"230926858035072641794832917179585545374",
"175822469112318319033740533464636241813",
"164691827806793335665951898069558848923",
"275910157565474697048867594437447350483",
"334941564570295904019995232479005603278"
],
"threshold": 0.9
},
"id": "CVE-2025-15419-ba5f8dec",
"signature_type": "Line"
}
]