Cyber Resilience

CVE-2025-15532

MediumPublic PoC

Published: 17 January 2026

Published
17 January 2026
Modified
23 February 2026
KEV Added
Patch
CVSS Score v4 5.5 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0009 26.0th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-15532 is a medium-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 26.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-15532 is a vulnerability in Open5GS versions up to and including 2.7.5, specifically affecting processing in the Timer Handler component. The flaw enables resource consumption through remote manipulation, classified under CWE-400 (Uncontrolled Resource Consumption) and CWE-404 (Improper Resource Shutdown or Release). It carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating moderate severity with low availability impact but no confidentiality or integrity effects.

A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation results in resource consumption on the affected system, potentially leading to denial-of-service conditions by exhausting resources in the Timer Handler.

Mitigation is available via the patch commit c7c131f8d2cb1195ada5e0e691b6868ebcd8a845 in the Open5GS GitHub repository. Security practitioners should apply this patch promptly, as an exploit has been publicly released and may be used in attacks. Related details are documented in Open5GS issues #4220 and #4221.

Notable context includes the public availability of the exploit, increasing the risk of real-world attacks against unpatched Open5GS deployments.

EU & UK References

Vulnerability details

A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released…

more

to the public and may be used for attacks. The patch is identified as c7c131f8d2cb1195ada5e0e691b6868ebcd8a845. It is best practice to apply a patch to resolve this issue.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Remote unauthenticated exploitation of the Timer Handler resource consumption flaw directly enables application-layer DoS via software vulnerability abuse (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-56921Same product: Open5Gs Open5Gs
CVE-2026-1586Same product: Open5Gs Open5Gs
CVE-2026-4240Same product: Open5Gs Open5Gs
CVE-2024-57519Same product: Open5Gs Open5Gs
CVE-2025-15529Same product: Open5Gs Open5Gs
CVE-2026-2517Same product: Open5Gs Open5Gs
CVE-2026-1521Same product: Open5Gs Open5Gs
CVE-2026-1522Same product: Open5Gs Open5Gs
CVE-2025-1893Same product: Open5Gs Open5Gs
CVE-2026-2524Same product: Open5Gs Open5Gs

Affected Assets

open5gs
open5gs
≤ 2.7.5

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires timely application of the vendor patch (c7c131f8d2cb1195ada5e0e691b6868ebcd8a845) that eliminates the uncontrolled resource consumption flaw in the Timer Handler.

prevent

Implements denial-of-service protections that limit or throttle resource consumption attacks targeting the Timer Handler from remote unauthenticated sources.

prevent

Enforces resource availability limits and prioritization so that Timer Handler exhaustion cannot degrade overall system availability.

References