CVE-2025-15528
Published: 16 January 2026
Summary
CVE-2025-15528 is a medium-severity Improper Resource Shutdown or Release (CWE-404) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.2th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-15528 is a vulnerability in Open5GS versions up to 2.7.6 that affects an unknown functionality of the GTPv2 Bearer Response Handler component. Manipulation of this component leads to a denial of service condition, classified under CWE-404 with a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
The vulnerability can be exploited remotely by unauthenticated attackers with low attack complexity and no user interaction required. Successful exploitation results in low-impact disruption to service availability, without affecting confidentiality or integrity.
Mitigation is available via a patch released by the Open5GS project at GitHub commit 98f76e98df35cd6a35e868aa62715db7f8141ac1, which should be applied to remediate the issue. Additional details are documented in GitHub issues #4225 and the related comment #3769531006.
The exploit has been disclosed to the public, potentially enabling its use by adversaries.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-206296
Vulnerability details
A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit…
more
has been disclosed to the public and may be used. The name of the patch is 98f76e98df35cd6a35e868aa62715db7f8141ac1. A patch should be applied to remediate this issue.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated exploitation of public-facing GTPv2 service directly matches T1190; resulting DoS via component manipulation matches T1499.004 Application or System Exploitation.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely application of the vendor patch (commit 98f76e98) that eliminates the GTPv2 Bearer Response Handler flaw.
Mandates denial-of-service protection mechanisms that would block or throttle the remote unauthenticated manipulation causing service disruption.
Requires validation of protocol inputs, which would reject malformed GTPv2 Bearer Response messages that trigger the DoS condition.