CVE-2025-15529

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-15529

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15529.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-15529

Published

2026-01-16T22:16:18.437Z

Modified

2026-01-18T03:46:10.172815Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwcs5chandlecreatesession_response of the file src/sgwc/s5c-handler.c. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The patch is named b19cf6a2dbf5d30811be4488bf059c865bd7d1d2. To fix this issue, it is recommended to deploy a patch.

References

Affected packages

Git / github.com/open5gs/open5gs

Affected ranges

Type: GIT
Repo: https://github.com/open5gs/open5gs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b19cf6a2dbf5d30811be4488bf059c865bd7d1d2

Affected versions

v0.*

v0.1.0

v0.1.1

v0.2.0

v0.3.0

v0.3.1

v0.3.10

v0.3.11

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.3.9

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.0

v0.5.1

v0.5.2

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.3.0

v2.*

v2.0.0

v2.0.18

v2.0.22

v2.1.0

v2.1.1

v2.1.3

v2.1.4

v2.1.5

v2.1.7

v2.2.0

v2.2.1

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3.0

v2.3.1

v2.3.2

v2.3.6

v2.4.0

v2.4.1

v2.4.3

v2.4.4

v2.4.5

v2.4.7

v2.4.8

v2.4.9

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.6

v2.7.0

v2.7.1

v2.7.2

v2.7.5

v2.7.6

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2025-15529-0ef6e684",
        "digest": {
            "length": 6404.0,
            "function_hash": "311781366950742551025614730595053951575"
        },
        "source": "https://github.com/open5gs/open5gs/commit/b19cf6a2dbf5d30811be4488bf059c865bd7d1d2",
        "target": {
            "file": "src/sgwc/s5c-handler.c",
            "function": "sgwc_s5c_handle_create_session_response"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2025-15529-97a461c5",
        "digest": {
            "length": 1612.0,
            "function_hash": "212238030346677080328171821302310784662"
        },
        "source": "https://github.com/open5gs/open5gs/commit/b19cf6a2dbf5d30811be4488bf059c865bd7d1d2",
        "target": {
            "file": "src/sgwc/s5c-handler.c",
            "function": "sgwc_s5c_handle_delete_session_response"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2025-15529-c74f0959",
        "digest": {
            "line_hashes": [
                "45473761511500601110908682292762807851",
                "40552990758877395425634800786189779563",
                "280252831875454169333336474420470902830",
                "147878436867476586116873859163950178343",
                "53584446268619328289611693112753664684",
                "277002442502701764017400083986626851468",
                "243404820675118394535687071069309259434",
                "55878104855696847245462713503508488801",
                "220655081735314153239809203758182345346",
                "65513958658862574610750281008810212876",
                "27776669367646207816667247780585110924",
                "114080774670171426303199415572740589812",
                "50716545275780623241509867133004920201",
                "277002442502701764017400083986626851468",
                "243404820675118394535687071069309259434",
                "151809334426490811636618083324983832600",
                "165057613899523493099204807323266608283",
                "280252831875454169333336474420470902830",
                "147878436867476586116873859163950178343",
                "53584446268619328289611693112753664684",
                "277002442502701764017400083986626851468",
                "243404820675118394535687071069309259434"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/open5gs/open5gs/commit/b19cf6a2dbf5d30811be4488bf059c865bd7d1d2",
        "target": {
            "file": "src/sgwc/s5c-handler.c"
        },
        "deprecated": false
    },
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "id": "CVE-2025-15529-dec826a1",
        "digest": {
            "length": 2862.0,
            "function_hash": "123459901059143657869022331755466724697"
        },
        "source": "https://github.com/open5gs/open5gs/commit/b19cf6a2dbf5d30811be4488bf059c865bd7d1d2",
        "target": {
            "file": "src/sgwc/s5c-handler.c",
            "function": "sgwc_s5c_handle_modify_bearer_response"
        },
        "deprecated": false
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15529.json"