CVE-2025-15528

5.3 MEDIUM

📋 TL;DR

A denial-of-service vulnerability exists in Open5GS's GTPv2 Bearer Response Handler component. Attackers can remotely crash affected systems by sending specially crafted network packets. This affects all Open5GS deployments up to version 2.7.6.

💻 Affected Systems

Products:
  • Open5GS
Versions: All versions up to and including 2.7.6
Operating Systems: Linux, BSD-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any Open5GS deployment with GTPv2 functionality enabled is vulnerable. This is a core component of the 5G core network implementation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of the 5G core network functions, potentially affecting all connected mobile devices and services.

🟠 Likely Case

Service instability and periodic crashes of the GTPv2 component, leading to degraded network performance and dropped connections.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring, though service could still be temporarily affected.

🌐 Internet-Facing: HIGH - Attack can be launched remotely without authentication, making internet-facing deployments particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could still exploit this vulnerability to disrupt services.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed in GitHub issues. The vulnerability is in a network-facing component and requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 98f76e98df35cd6a35e868aa62715db7f8141ac1 and later versions

Vendor Advisory: https://github.com/open5gs/open5gs/issues/4225

Restart Required: Yes

Instructions:

1. Update Open5GS to the latest version from the official repository.
2. Apply commit 98f76e98df35cd6a35e868aa62715db7f8141ac1 if using source build.
3. Restart all Open5GS services.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict access to GTPv2 ports (2123 UDP) to trusted networks only

iptables -A INPUT -p udp --dport 2123 -s TRUSTED_NETWORK -j ACCEPT
iptables -A INPUT -p udp --dport 2123 -j DROP

Rate Limiting

linux

Implement rate limiting on GTPv2 traffic to reduce impact of DoS attempts

iptables -A INPUT -p udp --dport 2123 -m limit --limit 100/minute --limit-burst 200 -j ACCEPT
iptables -A INPUT -p udp --dport 2123 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can reach the GTPv2 interface
  • Deploy intrusion detection systems to monitor for exploitation attempts and alert on suspicious GTPv2 traffic patterns

🔍 How to Verify

Check if Vulnerable:

Check the Open5GS version: open5gs --version. If the version is 2.7.6 or earlier, the system is vulnerable.

Check Version:

open5gs --version

Verify Fix Applied:

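Verify that the source tree's history includes commit 98f76e98df35cd6a35e868aa62715db7f8141ac1 (print full hashes, since --oneline abbreviates them and the full hash would never match): git log --format=%H | grep 98f76e98df35cd6a35e868aa62715db7f8141ac1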

📡 Detection & Monitoring

Log Indicators:

  • Unexpected crashes or restarts of Open5GS GTPv2 service
  • Error messages related to GTPv2 Bearer Response Handler
  • High frequency of malformed GTPv2 packets in logs

Network Indicators:

  • Unusual volume of GTPv2 traffic from single sources
  • Malformed GTPv2 packets on port 2123 UDP
  • Traffic patterns matching known exploit signatures

SIEM Query:

source="open5gs.log" AND ("crash" OR "segfault" OR "GTPv2 error") OR (dest_port=2123 AND protocol=UDP AND packet_size>threshold)
