CVE-2025-15529

Source
https://cve.org/CVERecord?id=CVE-2025-15529
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15529.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-15529
Published
2026-01-16T22:02:10.930Z
Modified
2026-07-08T08:10:20.029540883Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
Open5GS s5c-handler.c sgwc_s5c_handle_create_session_response denial of service
Details

A vulnerability was found in Open5GS up to 2.7.6. Affected by this issue is the function sgwcs5chandlecreatesession_response of the file src/sgwc/s5c-handler.c. Performing a manipulation results in denial of service. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The patch is named b19cf6a2dbf5d30811be4488bf059c865bd7d1d2. To fix this issue, it is recommended to deploy a patch.

Database specific
{
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-404"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "2.7.3"
                },
                {
                    "last_affected": "2.7.3"
                },
                {
                    "introduced": "2.7.4"
                },
                {
                    "last_affected": "2.7.4"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/15xxx/CVE-2025-15529.json"
}
References

Affected packages

Git / github.com/open5gs/open5gs

Affected ranges

Type
GIT
Repo
https://github.com/open5gs/open5gs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.6"
        }
    ],
    "cpe": "cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.7.0
2.7.1
2.7.2
2.7.5
2.7.6
v0.*
v0.1.0
v0.1.1
v0.2.0
v0.3.0
v0.3.1
v0.3.10
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.8
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3.0
v2.*
v2.0.0
v2.0.18
v2.0.22
v2.1.0
v2.1.1
v2.1.3
v2.1.4
v2.1.5
v2.1.7
v2.2.0
v2.2.1
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.0
v2.3.2
v2.3.6
v2.4.0
v2.4.1
v2.4.3
v2.4.4
v2.4.5
v2.4.7
v2.4.8
v2.4.9
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.6
v2.7.0
v2.7.1
v2.7.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15529.json"