CVE-2025-15176

5.3 MEDIUM

📋 TL;DR

This vulnerability in Open5GS allows remote attackers to trigger a reachable assertion in the PFCP Session Establishment Request Handler by manipulating packets. This can cause denial of service by crashing the affected service. Systems running Open5GS versions up to 2.7.5 with PFCP functionality enabled are affected.

💻 Affected Systems

Products:
  • Open5GS
Versions: Up to and including version 2.7.5
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with PFCP functionality enabled, which is typically part of the 5G core network implementation.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Service disruption through denial of service, potentially affecting 5G network functionality for connected devices.

🟠

Likely Case

Service crash requiring restart, causing temporary service interruption.

🟢

If Mitigated

Minimal impact if proper network segmentation and monitoring are in place to detect and block malicious traffic.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication, making internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires network access to the PFCP interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The exploit has been published, and the attack can be launched remotely without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit b72d8349980076e2c033c8324f07747a86eea4f8 and later versions

Vendor Advisory: https://github.com/open5gs/open5gs/commit/b72d8349980076e2c033c8324f07747a86eea4f8

Restart Required: Yes

Instructions:

1. Update Open5GS to a version after 2.7.5 or apply commit b72d8349980076e2c033c8324f07747a86eea4f8.
2. Rebuild from source if using a source installation.
3. Restart all Open5GS services.

🔧 Temporary Workarounds

Network Segmentation

Restrict access to the PFCP interface (typically port 8805) to trusted networks only

iptables -A INPUT -p udp --dport 8805 -s TRUSTED_NETWORK -j ACCEPT
iptables -A INPUT -p udp --dport 8805 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit PFCP interface exposure
  • Deploy intrusion detection/prevention systems to monitor for abnormal PFCP traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check the Open5GS version: open5gs --version, or examine the source code for the presence of the vulnerable function in lib/pfcp/rule-match.c

Check Version:

open5gs --version

Verify Fix Applied:

Verify commit b72d8349980076e2c033c8324f07747a86eea4f8 is present in git log or check version is greater than 2.7.5
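
For source builds, the "present in git log" check can be made exact by testing whether the fix commit is an ancestor of the checked-out HEAD. The script below is an added example, not part of the original advisory or the Open5GS project; the function name fix_status and its exit codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether a source checkout contains the fix commit.
# Usage (after sourcing this file): fix_status /path/to/open5gs [commit]
# Exit codes (illustrative): 0 = fixed, 1 = vulnerable, 2 = cannot decide.
FIX_COMMIT=b72d8349980076e2c033c8324f07747a86eea4f8   # commit named in the advisory

fix_status() {
    repo=$1
    commit=${2:-$FIX_COMMIT}

    # Tarball or package installs carry no history; fall back to the version check.
    if ! git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo "unknown: not a git checkout"
        return 2
    fi

    # A missing object proves nothing: the clone may be shallow or simply not
    # fetched since the fix landed. Fetch, then run the check again.
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        echo "unknown: commit object not in this clone"
        return 2
    fi

    # The object can exist on another branch without being part of the tree
    # that gets built, so test ancestry of HEAD rather than mere presence.
    if git -C "$repo" merge-base --is-ancestor "$commit" HEAD; then
        echo "fixed"
        return 0
    fi

    echo "vulnerable: HEAD does not contain the fix commit"
    return 1
}
```

A backport applied by cherry-pick gets a different commit hash, so a "vulnerable" result on a vendor-patched tree should be confirmed by inspecting lib/pfcp/rule-match.c.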

📡 Detection & Monitoring

Log Indicators:

  • Service crashes or restarts
  • Assertion failures in Open5GS logs
  • Abnormal PFCP session establishment attempts

Network Indicators:

  • Unusual traffic to PFCP port (8805/udp)
  • Malformed PFCP packets

SIEM Query:

(source="open5gs.log" AND ("assertion" OR "crash" OR "segfault")) OR (destination_port=8805 AND protocol=udp AND abnormal_packet_size)
