CVE-2025-15528
Published: 16 January 2026
Summary
CVE-2025-15528 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 22.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Threat & Defense at a Glance
Threat & Defense Details
Likely Mitigating ControlsAI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios.
Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release.
Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects.
Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated exploitation of public-facing GTPv2 service directly matches T1190; resulting DoS via component manipulation matches T1499.004 Application or System Exploitation.
NVD Description
A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit…
more
has been disclosed to the public and may be used. The name of the patch is 98f76e98df35cd6a35e868aa62715db7f8141ac1. A patch should be applied to remediate this issue.
Deeper analysisAI
CVE-2025-15528 is a vulnerability in Open5GS versions up to 2.7.6 that affects an unknown functionality of the GTPv2 Bearer Response Handler component. Manipulation of this component leads to a denial of service condition, classified under CWE-404 with a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
The vulnerability can be exploited remotely by unauthenticated attackers with low attack complexity and no user interaction required. Successful exploitation results in low-impact disruption to service availability, without affecting confidentiality or integrity.
Mitigation is available via a patch released by the Open5GS project at GitHub commit 98f76e98df35cd6a35e868aa62715db7f8141ac1, which should be applied to remediate the issue. Additional details are documented in GitHub issues #4225 and the related comment #3769531006.
The exploit has been disclosed to the public, potentially enabling its use by adversaries.
Details
- CWE(s)