CVE-2025-15532
Published: 17 January 2026
Summary
CVE-2025-15532 is a medium-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Open5Gs Open5Gs. Its CVSS base score is 5.5 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 26.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-15532 is a vulnerability in Open5GS versions up to and including 2.7.5, specifically affecting processing in the Timer Handler component. The flaw enables resource consumption through remote manipulation, classified under CWE-400 (Uncontrolled Resource Consumption) and CWE-404 (Improper Resource Shutdown or Release). It carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating moderate severity with low availability impact but no confidentiality or integrity effects.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation results in resource consumption on the affected system, potentially leading to denial-of-service conditions by exhausting resources in the Timer Handler.
Mitigation is available via the patch commit c7c131f8d2cb1195ada5e0e691b6868ebcd8a845 in the Open5GS GitHub repository. Security practitioners should apply this patch promptly, as an exploit has been publicly released and may be used in attacks. Related details are documented in Open5GS issues #4220 and #4221.
Notable context includes the public availability of the exploit, increasing the risk of real-world attacks against unpatched Open5GS deployments.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-3137
Vulnerability details
A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released…
more
to the public and may be used for attacks. The patch is identified as c7c131f8d2cb1195ada5e0e691b6868ebcd8a845. It is best practice to apply a patch to resolve this issue.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Remote unauthenticated exploitation of the Timer Handler resource consumption flaw directly enables application-layer DoS via software vulnerability abuse (T1499.004).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely application of the vendor patch (c7c131f8d2cb1195ada5e0e691b6868ebcd8a845) that eliminates the uncontrolled resource consumption flaw in the Timer Handler.
Implements denial-of-service protections that limit or throttle resource consumption attacks targeting the Timer Handler from remote unauthenticated sources.
Enforces resource availability limits and prioritization so that Timer Handler exhaustion cannot degrade overall system availability.