Login Sign Up

CVE-2025-15532

5.3 MEDIUM
Denial of Service

📋 TL;DR

CVE-2025-15532 is a resource consumption vulnerability in Open5GS's Timer Handler component that allows remote attackers to cause denial of service through resource exhaustion. This affects all Open5GS deployments up to version 2.7.5, particularly those exposed to untrusted networks.

💻 Affected Systems

Products:
  • Open5GS
Versions: Up to and including 2.7.5
Operating Systems: Linux, Unix-based systems
Default Config Vulnerable: ⚠️ Yes
Notes: All Open5GS deployments with Timer Handler functionality are affected regardless of configuration.

📦 What is this software?

Open5gs by Open5gs

View all CVEs affecting Open5gs →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service disruption of Open5GS components, potentially affecting mobile network functionality for all connected users.

🟠

Likely Case

Degraded performance or temporary service unavailability for affected Open5GS instances.

🟢

If Mitigated

Minimal impact with proper network segmentation and resource monitoring in place.

🌐 Internet-Facing: HIGH - Remote exploitation capability makes internet-facing instances particularly vulnerable.
🏢 Internal Only: MEDIUM - Internal instances are still vulnerable but require attacker access to internal network.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available and remote exploitation requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit c7c131f8d2cb1195ada5e0e691b6868ebcd8a845

Vendor Advisory: https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a845

Restart Required: Yes

Instructions:

1. Update Open5GS to version after 2.7.5 or apply commit c7c131f8d2cb1195ada5e0e691b6868ebcd8a845. 2. Restart all Open5GS services. 3. Verify the patch is applied by checking the commit hash.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict network access to Open5GS instances to trusted sources only

iptables -A INPUT -p tcp --dport [Open5GS_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [Open5GS_PORT] -j DROP

Resource Limits

linux

Implement system resource limits to prevent complete exhaustion

ulimit -n 4096
systemctl set-property open5gs.service MemoryLimit=2G

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Deploy monitoring for resource consumption anomalies and implement automated restart policies

🔍 How to Verify

Check if Vulnerable:

Check Open5GS version: open5gs --version | grep '2.7.5' or earlier

Check Version:

open5gs --version

Verify Fix Applied:

Verify commit hash contains c7c131f8d2cb1195ada5e0e691b6868ebcd8a845: git log --oneline | grep c7c131f8

📡 Detection & Monitoring

Log Indicators:

  • Unusual timer handler activity
  • Resource exhaustion warnings
  • Service restart patterns

Network Indicators:

  • High volume of requests to timer-related endpoints
  • Unusual traffic patterns from single sources

SIEM Query:

source="open5gs.log" AND ("resource exhaustion" OR "timer handler" OR "denial of service")

📊 Metadata

CVE ID: CVE-2025-15532
CVSS v3 Score: 5.3 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE: CWE-400
EPSS Score: 0.07% exploit probability (22th percentile)
Published: January 17, 2026
Last Updated: February 23, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-15532, you might also want to check these:

CVE-2024-45166 9.8

UCI IDOL2 through version 2.12 contains multiple memory corruption vulnerabilities due to improper i...

Same vulnerability type (CWE-400)
CVE-2025-61303 9.8

This vulnerability in Hatching Triage Sandbox allows malware samples to evade detection by recursive...

Same vulnerability type (CWE-400)
CVE-2024-39462 9.8

This is a Linux kernel memory corruption vulnerability in the BCM2711 DVP clock driver where array b...

Same vulnerability type (CWE-400)