CVE-2025-15528
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-15528
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15528.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-15528
- Published
- 2026-01-16T22:16:18.250Z
- Modified
- 2026-01-18T03:46:10.054970Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 98f76e98df35cd6a35e868aa62715db7f8141ac1. A patch should be applied to remediate this issue.
- References
Affected packages
Git / github.com/open5gs/open5gs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/open5gs/open5gs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1.0
v0.1.1
v0.2.0
v0.3.0
v0.3.1
v0.3.10
v0.3.11
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3.0
v2.*
v2.0.0
v2.0.18
v2.0.22
v2.1.0
v2.1.1
v2.1.3
v2.1.4
v2.1.5
v2.1.7
v2.2.0
v2.2.1
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.0
v2.3.1
v2.3.2
v2.3.6
v2.4.0
v2.4.1
v2.4.3
v2.4.4
v2.4.5
v2.4.7
v2.4.8
v2.4.9
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.7.5
v2.7.6
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2025-15528-28d8fd33",
"digest": {
"length": 2560.0,
"function_hash": "67594169559269844112162002870584227770"
},
"source": "https://github.com/open5gs/open5gs/commit/98f76e98df35cd6a35e868aa62715db7f8141ac1",
"target": {
"file": "src/sgwc/s11-handler.c",
"function": "sgwc_s11_handle_delete_bearer_response"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2025-15528-3fc5f27b",
"digest": {
"line_hashes": [
"204228363162770951256064742079811839500",
"209984536840509726819705364436131672935",
"259097671032881161189896565948891060507",
"258778132195395762485958026121223347995",
"142005232916472683425958656864151305527",
"264319306283308236387688489522390614522",
"36251035236191305819164498778688607312",
"167670882638506883025095818258657566257",
"145248285507348894313893828611054817103"
],
"threshold": 0.9
},
"source": "https://github.com/open5gs/open5gs/commit/98f76e98df35cd6a35e868aa62715db7f8141ac1",
"target": {
"file": "src/smf/smf-sm.c"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2025-15528-46ae2500",
"digest": {
"length": 5553.0,
"function_hash": "88728855517358485886268386146990154097"
},
"source": "https://github.com/open5gs/open5gs/commit/98f76e98df35cd6a35e868aa62715db7f8141ac1",
"target": {
"file": "src/sgwc/s11-handler.c",
"function": "sgwc_s11_handle_create_bearer_response"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2025-15528-6b00a3f5",
"digest": {
"length": 5283.0,
"function_hash": "137858644361851629832604151885259270324"
},
"source": "https://github.com/open5gs/open5gs/commit/98f76e98df35cd6a35e868aa62715db7f8141ac1",
"target": {
"file": "src/sgwc/sgwc-sm.c",
"function": "sgwc_state_operational"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2025-15528-886b2bd5",
"digest": {
"line_hashes": [
"62748957328844558600685414266627727868",
"7396069501774266129095887173534310462",
"114732697039117117047670285814700117222",
"39982833162068680689426629209839516665",
"291430371634605840844923196783615849919",
"307330812579124941473866978522957307391",
"188816661435573734488594360262179643379",
"53419063917440364291964981011544491855",
"288093530890035433063890241944384180147",
"243615734615603606169123667205305548567",
"284774980469030478558318931344173082898",
"15395798529720361102792785767824765257",
"118373286017518574265339596909122572058",
"151619179602055857660456321308468911508",
"98491430874458739124054226696201812815",
"46814874857824212323278673323067772740",
"290637539197315227551026379223595101076",
"338593006937142119171189337311211130913",
"218829886242067008921514573891521142851",
"54947575035265657233760630810176339291",
"290637539197315227551026379223595101076",
"283556111273217912275949427863527411885",
"25508551456035841978449777784033900662",
"139305961829702150141862716980127743730",
"248737284088131555807331429125261711118",
"176644275280501722931395847582265742487",
"71065617510612721132138757588583577202",
"145807447484424640258151404041997234093",
"243626595355511175192039003941690370118",
"221510995055288209364772179540891720681",
"13406803964930474293492985706545068930",
"49876629956922507119373864605159702823",
"43453892085134494024866565661213434892",
"139284302924533006747059966623800118342",
"74894120837283357125137714422732599623",
"311852647218940557131956374666630363654",
"67870427464556918256879861275468457181",
"17031524846511740508279460965107904148",
"195511866731013370511790740838366820893",
"96421388612036834044754655907092254311",
"63390250717360238141824025832531967242",
"13187582370192991900226435467788916545",
"299317474697186312371357652891656062335",
"208179174054434687309724200893720021130",
"131079973066933908066031038421253816208",
"92254811188144562291646303124244870227",
"183929712315508181235632348228168688617",
"311852647218940557131956374666630363654",
"67870427464556918256879861275468457181",
"17031524846511740508279460965107904148",
"111293413854558226264168780674992546571",
"175174696459497297816758750125294402913",
"25742591520964720105873077557818570993",
"330963911771574251295552415831551680838",
"163617574810648161328081726413730893861",
"77401456412292882493116881767885314344",
"231834411488387930827555279312343835609",
"194862420188128799247099869388904393659",
"251643081251551826234710573906961931027",
"249571117391620618207010600394124077066",
"69788849833243281583258817582298881239",
"216604796438391351320358811117409989775",
"167689076777707108293900892452102857456",
"209791595235448151256936099057599713474"
],
"threshold": 0.9
},
"source": "https://github.com/open5gs/open5gs/commit/98f76e98df35cd6a35e868aa62715db7f8141ac1",
"target": {
"file": "src/sgwc/s11-handler.c"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2025-15528-8b61a054",
"digest": {
"length": 2834.0,
"function_hash": "205559211467342734513387794293319986714"
},
"source": "https://github.com/open5gs/open5gs/commit/98f76e98df35cd6a35e868aa62715db7f8141ac1",
"target": {
"file": "src/sgwc/s11-handler.c",
"function": "sgwc_s11_handle_update_bearer_response"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2025-15528-e3da84fd",
"digest": {
"line_hashes": [
"209121533160786237401271095588778479883",
"9810262897890720294402218895360377061",
"66791263013137515953851753227345889223",
"89043303148159749478080754810181258699",
"159120351925117091492728133290192501439",
"281524525129693881223271254319522827951",
"26179998921793836409966983626756174302",
"54386058880275669725705491247291037977",
"12425562326335315845217781171062608239",
"9810262897890720294402218895360377061",
"30813432283245048535814126130716916791",
"46104091876407204012453373271654284490",
"173993273244453071983112464805909552021",
"134005090912582045062383955939050110397",
"111949526142413658925307968029561137125",
"224396662689131688627602917955768898352",
"12425562326335315845217781171062608239"
],
"threshold": 0.9
},
"source": "https://github.com/open5gs/open5gs/commit/98f76e98df35cd6a35e868aa62715db7f8141ac1",
"target": {
"file": "src/sgwc/sgwc-sm.c"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2025-15528-e84de1cd",
"digest": {
"length": 26764.0,
"function_hash": "119482142398510437336205484505138743393"
},
"source": "https://github.com/open5gs/open5gs/commit/98f76e98df35cd6a35e868aa62715db7f8141ac1",
"target": {
"file": "src/smf/smf-sm.c",
"function": "smf_state_operational"
},
"deprecated": false
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15528.json"