CVE-2025-15532

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-15532
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15532.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-15532
Published
2026-01-17T17:15:47.800Z
Modified
2026-03-15T22:50:37.795454Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The patch is identified as c7c131f8d2cb1195ada5e0e691b6868ebcd8a845. It is best practice to apply a patch to resolve this issue.

References

Affected packages

Git / github.com/open5gs/open5gs

Affected ranges

Type
GIT
Repo
https://github.com/open5gs/open5gs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
7dfd9a39649700c24c22f1978ed7a35541a72cca
Fixed
c7c131f8d2cb1195ada5e0e691b6868ebcd8a845
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.5"
        }
    ]
}

Affected versions

v0.*
v0.1.0
v0.1.1
v0.2.0
v0.3.0
v0.3.1
v0.3.10
v0.3.11
v0.3.2
v0.3.3
v0.3.4
v0.3.5
v0.3.6
v0.3.7
v0.3.8
v0.3.9
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.5.0
v0.5.1
v0.5.2
v1.*
v1.0.0
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.3.0
v2.*
v2.0.0
v2.0.18
v2.0.22
v2.1.0
v2.1.1
v2.1.3
v2.1.4
v2.1.5
v2.1.7
v2.2.0
v2.2.1
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.0
v2.3.1
v2.3.2
v2.3.6
v2.4.0
v2.4.1
v2.4.3
v2.4.4
v2.4.5
v2.4.7
v2.4.8
v2.4.9
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.6
v2.7.0
v2.7.1
v2.7.2
v2.7.5
v2.7.6

Database specific

vanir_signatures 
[
    {
        "target": {
            "function": "ogs_gtp_xact_local_create",
            "file": "lib/gtp/xact.c"
        },
        "id": "CVE-2025-15532-25d98d46",
        "digest": {
            "function_hash": "323703276892728083106087510816015921101",
            "length": 1701.0
        },
        "source": "https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "lib/core/ogs-timer.c"
        },
        "id": "CVE-2025-15532-34349634",
        "digest": {
            "line_hashes": [
                "273911611506519975819672974137632437178",
                "241047310841278730931528508235787346021",
                "306085860555002227820178176745293908000",
                "215973743762420497542099095195750057555"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "ogs_pfcp_xact_remote_create",
            "file": "lib/pfcp/xact.c"
        },
        "id": "CVE-2025-15532-61ad8d5e",
        "digest": {
            "function_hash": "59054723192042319303608959719765371873",
            "length": 1186.0
        },
        "source": "https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "function": "ogs_timer_add",
            "file": "lib/core/ogs-timer.c"
        },
        "id": "CVE-2025-15532-62e1d829",
        "digest": {
            "function_hash": "259908275280379165734613214589403093116",
            "length": 365.0
        },
        "source": "https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "lib/gtp/xact.c"
        },
        "id": "CVE-2025-15532-65f81093",
        "digest": {
            "line_hashes": [
                "183976490646092980073471638633277872707",
                "85883995145701288501881419433590717319",
                "116061261236485337475895329684526629285",
                "285490994995974153232111895098601222719",
                "229473404556871714199815539752351879692",
                "222382123168866748821219561157598823673",
                "179025783957348034801486370502709770549",
                "247183160627004964496962706103124421238",
                "223080439763908535218716985468188594801",
                "223920509332174795580721651839647935837",
                "57854618214962076933452023553775438771",
                "56234019548508973598398173413288265550",
                "183976490646092980073471638633277872707",
                "85883995145701288501881419433590717319",
                "105347661539420044516503596517453334269",
                "307243063379203026569120256950367572245",
                "229473404556871714199815539752351879692",
                "222382123168866748821219561157598823673",
                "119650799084973805072634345684359918054",
                "92716182620481542764622039717516197926",
                "139879054146870085345110604347903535929",
                "122567870823977744227048978805694888764",
                "223080439763908535218716985468188594801",
                "9029167165224725236072781773789820419",
                "258074499864127031505211010026561742466",
                "102082124416542091853124628800226612746",
                "185651156036611975683868691343245822066",
                "200506154826581634886326871659832665601",
                "218042018534718061238739113217396306046",
                "311072323769239392114679424310296508775",
                "229473404556871714199815539752351879692",
                "222382123168866748821219561157598823673",
                "119650799084973805072634345684359918054",
                "92716182620481542764622039717516197926",
                "139879054146870085345110604347903535929",
                "122567870823977744227048978805694888764",
                "223080439763908535218716985468188594801",
                "9029167165224725236072781773789820419",
                "258074499864127031505211010026561742466",
                "102082124416542091853124628800226612746"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "sgwc_ue_add_by_message",
            "file": "src/sgwc/context.c"
        },
        "id": "CVE-2025-15532-6a02eed8",
        "digest": {
            "function_hash": "74475887798782324883149565252953416794",
            "length": 516.0
        },
        "source": "https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "src/sgwc/context.c"
        },
        "id": "CVE-2025-15532-793b2501",
        "digest": {
            "line_hashes": [
                "317395081183540258912288277850742837404",
                "251474064839923258390425959409418696821",
                "323754196992852541456768571106495689240",
                "149516355275564178514780776752857589654",
                "94540872873315902942886396557044841350",
                "128555684785469779617968134167683041044",
                "177261959762940919569683894783772241524",
                "66302537241212234918050149027129031483"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "ogs_pfcp_xact_local_create",
            "file": "lib/pfcp/xact.c"
        },
        "id": "CVE-2025-15532-921bac4d",
        "digest": {
            "function_hash": "246347972725130565721344319944127152",
            "length": 1363.0
        },
        "source": "https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "lib/pfcp/xact.c"
        },
        "id": "CVE-2025-15532-c0ad5fc9",
        "digest": {
            "line_hashes": [
                "77864179763475505886770634644343996152",
                "134295867096152682059842971749441246157",
                "307248061204152811203346073256680394389",
                "320162093722119221441351034321731267272",
                "229473404556871714199815539752351879692",
                "222382123168866748821219561157598823673",
                "151056836297766883378899075668157569758",
                "98444875980108993043897028608588513301",
                "151608846540775711652474586186740998161",
                "301244767593868478903198004980298790957",
                "223080439763908535218716985468188594801",
                "8639965247070728809050570801251231268",
                "334635640125677302660124681491697957523",
                "52236851240223353820789606226000547363",
                "267134517251412469768551490455754358810",
                "197567879446471411587718906497184947680",
                "11288256975732588036404363916960297357",
                "211464758421368527857472474288151759028",
                "139539869135004524190923189332033674003",
                "132926866455533689568877227147963028252",
                "77864179763475505886770634644343996152",
                "134295867096152682059842971749441246157",
                "84244846290263723169648547002547684691",
                "108200978843438700900448193184775946210",
                "229473404556871714199815539752351879692",
                "222382123168866748821219561157598823673",
                "151056836297766883378899075668157569758",
                "98444875980108993043897028608588513301",
                "151608846540775711652474586186740998161",
                "301244767593868478903198004980298790957",
                "223080439763908535218716985468188594801",
                "8639965247070728809050570801251231268",
                "334635640125677302660124681491697957523",
                "52236851240223353820789606226000547363",
                "267134517251412469768551490455754358810",
                "197567879446471411587718906497184947680",
                "11288256975732588036404363916960297357",
                "211464758421368527857472474288151759028",
                "139539869135004524190923189332033674003",
                "267837064499679731817368538159913581538"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "target": {
            "function": "ogs_gtp1_xact_local_create",
            "file": "lib/gtp/xact.c"
        },
        "id": "CVE-2025-15532-cf3fac40",
        "digest": {
            "function_hash": "53977312419274856569754872986877563606",
            "length": 1425.0
        },
        "source": "https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "function": "sgwc_ue_add",
            "file": "src/sgwc/context.c"
        },
        "id": "CVE-2025-15532-ddd85e8b",
        "digest": {
            "function_hash": "297873096494640978948857171413198085026",
            "length": 852.0
        },
        "source": "https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    },
    {
        "target": {
            "function": "ogs_gtp_xact_remote_create",
            "file": "lib/gtp/xact.c"
        },
        "id": "CVE-2025-15532-f94aea7b",
        "digest": {
            "function_hash": "246869575842939477241379404712500743611",
            "length": 1165.0
        },
        "source": "https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Function"
    }
]
source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-15532.json"