CVE-2025-15418

3.3 LOW

📋 TL;DR

A local denial-of-service vulnerability exists in Open5GS versions up to 2.7.6 where the ogs_gtp2_parse_bearer_qos function mishandles Bearer QoS IE Length, allowing an attacker with local access to crash the service. This affects systems running vulnerable Open5GS deployments, particularly in telecom network core implementations.
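
A length-checked parser for the Bearer QoS IE value, added here to illustrate the defensive pattern for this bug class; it is not Open5GS code and not the fix commit. The 22-octet layout follows 3GPP TS 29.274; the type name, function names and sample bytes are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bearer QoS IE value (3GPP TS 29.274): 1 flags octet, 1 QCI octet,
 * then four 5-octet big-endian bit rates = 22 octets. */
#define BEARER_QOS_LEN 22

typedef struct {            /* hypothetical type, not Open5GS's */
    uint8_t pci, pl, pvi, qci;
    uint64_t mbr_ul, mbr_dl, gbr_ul, gbr_dl;
} bearer_qos_t;

/* Constructed sample: PCI=1, PL=5, PVI=1, QCI=9, MBR UL=1000, MBR DL=2000. */
static const uint8_t SAMPLE_IE[BEARER_QOS_LEN] = {
    0x55, 0x09, 0, 0, 0, 0x03, 0xe8, 0, 0, 0, 0x07, 0xd0,
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };

static uint64_t be40(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 0; i < 5; i++)
        v = (v << 8) | p[i];
    return v;
}

/* Returns 0 on success, -1 on a malformed IE. The declared length comes from
 * the sender, so it is validated before any octet is read, and a bad value is
 * rejected with an error code rather than an assert/abort that would take the
 * whole daemon down. Octets past the 22 defined ones are ignored. */
int parse_bearer_qos(bearer_qos_t *out, const uint8_t *val, size_t ie_len)
{
    if (out == NULL || val == NULL || ie_len < BEARER_QOS_LEN)
        return -1;
    out->pci = (val[0] >> 6) & 0x01;
    out->pl  = (val[0] >> 2) & 0x0f;
    out->pvi = val[0] & 0x01;
    out->qci = val[1];
    out->mbr_ul = be40(val + 2);
    out->mbr_dl = be40(val + 7);
    out->gbr_ul = be40(val + 12);
    out->gbr_dl = be40(val + 17);
    return 0;
}

int main(void)
{
    bearer_qos_t q;
    printf("full IE: %d\n", parse_bearer_qos(&q, SAMPLE_IE, sizeof SAMPLE_IE));
    printf("short IE: %d\n", parse_bearer_qos(&q, SAMPLE_IE, 4));
    return 0;
}
```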

💻 Affected Systems

Products:
  • Open5GS
Versions: up to 2.7.6
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Affects deployments using GTPv2 protocol handling. Primarily impacts telecom core network implementations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of Open5GS components, potentially affecting mobile network connectivity for users served by the affected system.

🟠 Likely Case

Local denial-of-service causing service interruption requiring manual restart of affected Open5GS processes.

🟢 If Mitigated

Minimal impact with proper network segmentation and access controls limiting local attack surface.

🌐 Internet-Facing: LOW - Attack requires local access, cannot be exploited remotely.
🏢 Internal Only: MEDIUM - Local attackers or compromised internal systems could exploit this to disrupt services.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local access to the system running Open5GS. Public exploit details available in GitHub issues.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 4e913d21f2c032b187815f063dbab5ebe65fe83a

Vendor Advisory: https://github.com/open5gs/open5gs/commit/4e913d21f2c032b187815f063dbab5ebe65fe83a

Restart Required: Yes

Instructions:

1. Update Open5GS to a version after 2.7.6 or apply commit 4e913d21f2c032b187815f063dbab5ebe65fe83a.
2. Recompile and reinstall Open5GS.
3. Restart all Open5GS services.

🔧 Temporary Workarounds

Restrict local access

linux

Limit local system access to trusted users and processes only

# Review and restrict user accounts with access to Open5GS system
# Implement strict access controls and monitoring

Process isolation

linux

Run Open5GS in container or with minimal privileges

# Run Open5GS in Docker container with limited capabilities
# Use systemd to run with reduced privileges

🧯 If You Can't Patch

  • Implement strict access controls to limit local users who can interact with Open5GS processes
  • Monitor system logs for crash events and implement automated restart mechanisms for Open5GS services

🔍 How to Verify

Check if Vulnerable:

Check the Open5GS version: run open5gs --version or examine the installed package version. If the version is 2.7.6 or earlier, the system is vulnerable.

Check Version:

open5gs --version 2>/dev/null || dpkg -l | grep open5gs || rpm -qa | grep open5gs

Verify Fix Applied:

Verify that commit 4e913d21f2c032b187815f063dbab5ebe65fe83a is present in the git log, or check that the version is newer than 2.7.6.

📡 Detection & Monitoring

Log Indicators:

  • Open5GS process crashes or abnormal termination
  • Error messages related to ogs_gtp2_parse_bearer_qos function
  • Segmentation fault in Open5GS logs

Network Indicators:

  • Unexpected GTP protocol errors
  • Service unavailability for mobile network users

SIEM Query:

process_name:"open5gs" AND (event_type:"crash" OR error_message:"segmentation fault")
