CVE-2025-15532
Published: 17 January 2026
Summary
CVE-2025-15532 is a medium-severity Uncontrolled Resource Consumption (CWE-400) vulnerability in Open5GS. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks at the 23.2nd percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Threat & Defense Details
Likely Mitigating Controls (AI-generated)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
- Updated contingency plans include current procedures to detect, contain, and recover from resource exhaustion, limiting an attacker's ability to sustain impact from uncontrolled consumption.
- Terminating idle connections bounds resource consumption that would otherwise allow uncontrolled accumulation of open sessions.
- Limiting concurrent sessions directly prevents uncontrolled resource consumption by capping the number of active sessions per user or account.
- Analysis identifies uncontrolled resource consumption indicative of denial-of-service or abuse attempts.
- Contingency plan testing includes resource exhaustion scenarios to verify recovery, making it harder for attackers to sustain exploits that cause uncontrolled consumption.
- Alternate site allows resumption of operations if resource exhaustion at the primary site is exploited to cause unavailability.
- Alternate telecommunications services enable resumption of essential functions when primary services become unavailable due to uncontrolled resource consumption.
- The team can analyze and respond to resource exhaustion incidents, reducing the impact of attacks that exploit uncontrolled consumption weaknesses.
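The two technical controls in that list, terminating idle connections and capping concurrent sessions, are what keep a timer-driven session table from growing without bound. The C below is an added illustration written for this page; it is not Open5GS code and does not reproduce the patched Timer Handler. It keeps a fixed-size session table, refuses opens past a per-peer cap, arms an idle timer on every session, and lets a periodic timer handler reclaim sessions whose timer has fired, releasing the timer state together with the session (the CWE-404 side of the weakness). The limits, peer identifiers and timestamps are constructed values chosen for the demo, and the rejection and expiry counters are there so monitoring can see cap hits and reclaim bursts.

```c
/* Added example (not Open5GS code): a bounded session table whose idle
 * timers are released together with the session. Peer ids, limits and
 * timestamps are constructed for the demo. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SESSIONS          64   /* hard cap on table size (assumption) */
#define MAX_SESSIONS_PER_PEER  4   /* concurrent-session cap per peer (assumption) */
#define IDLE_TIMEOUT_SEC      30   /* idle timer length in seconds (assumption) */

typedef struct {
    int      in_use;
    uint32_t peer;        /* constructed peer id, e.g. an IPv4 address as an integer */
    uint64_t expires_at;  /* absolute time (s) at which the idle timer fires */
} session_t;

typedef struct {
    session_t slots[MAX_SESSIONS];
    int active;            /* sessions currently open */
    int rejected_cap;      /* opens refused by a cap: feed this to monitoring */
    int expired_by_timer;  /* sessions reclaimed by the timer handler */
} session_table_t;

void table_init(session_table_t *t) { memset(t, 0, sizeof *t); }

/* Number of open sessions that belong to one peer. */
int table_count_peer(const session_table_t *t, uint32_t peer) {
    int n = 0;
    for (int i = 0; i < MAX_SESSIONS; i++)
        if (t->slots[i].in_use && t->slots[i].peer == peer) n++;
    return n;
}

/* Open a session and arm its idle timer. Returns the slot index, or -1 when
 * the per-peer cap or the table capacity would be exceeded. */
int session_open(session_table_t *t, uint32_t peer, uint64_t now) {
    if (table_count_peer(t, peer) >= MAX_SESSIONS_PER_PEER) { t->rejected_cap++; return -1; }
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (!t->slots[i].in_use) {
            t->slots[i].in_use = 1;
            t->slots[i].peer = peer;
            t->slots[i].expires_at = now + IDLE_TIMEOUT_SEC;
            t->active++;
            return i;
        }
    }
    t->rejected_cap++;   /* table full */
    return -1;
}

/* Re-arm the idle timer when traffic is seen on the session. */
int session_touch(session_table_t *t, int idx, uint64_t now) {
    if (idx < 0 || idx >= MAX_SESSIONS || !t->slots[idx].in_use) return -1;
    t->slots[idx].expires_at = now + IDLE_TIMEOUT_SEC;
    return 0;
}

/* Release the session and its timer state together: a closed session must
 * never leave a timer behind (CWE-404). */
int session_close(session_table_t *t, int idx) {
    if (idx < 0 || idx >= MAX_SESSIONS || !t->slots[idx].in_use) return -1;
    memset(&t->slots[idx], 0, sizeof t->slots[idx]);
    t->active--;
    return 0;
}

/* Timer handler: run periodically; closes every session whose idle timer has
 * fired and returns how many were reclaimed, so abandoned sessions cannot
 * accumulate past one idle interval. */
int timer_handler_expire(session_table_t *t, uint64_t now) {
    int reclaimed = 0;
    for (int i = 0; i < MAX_SESSIONS; i++) {
        if (t->slots[i].in_use && now >= t->slots[i].expires_at) {
            session_close(t, i);
            reclaimed++;
        }
    }
    t->expired_by_timer += reclaimed;
    return reclaimed;
}

int main(void) {
    session_table_t t;
    table_init(&t);
    /* Constructed scenario: one peer tries to open eight sessions at once. */
    for (int k = 0; k < 8; k++) session_open(&t, 0x0A000001u, 0);
    printf("active=%d rejected=%d\n", t.active, t.rejected_cap);
    /* Nobody touches them; the timer handler reclaims all four after 30 s. */
    timer_handler_expire(&t, 30);
    printf("active=%d expired=%d\n", t.active, t.expired_by_timer);
    return 0;
}
```

The per-peer cap keeps one misbehaving client from consuming the whole table, and the idle timer keeps sessions that stop talking from being held forever; a real deployment would tune both limits to expected traffic and alert when `rejected_cap` or `expired_by_timer` climbs sharply.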
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
Remote unauthenticated exploitation of the Timer Handler resource consumption flaw directly enables application-layer DoS via software vulnerability abuse (T1499.004).
NVD Description
A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The patch is identified as c7c131f8d2cb1195ada5e0e691b6868ebcd8a845. It is best practice to apply a patch to resolve this issue.
Deeper analysis (AI-generated)
CVE-2025-15532 is a vulnerability in Open5GS versions up to and including 2.7.5, specifically affecting processing in the Timer Handler component. The flaw enables resource consumption through remote manipulation, classified under CWE-400 (Uncontrolled Resource Consumption) and CWE-404 (Improper Resource Shutdown or Release). It carries a CVSS v3.1 base score of 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L), indicating moderate severity with low availability impact but no confidentiality or integrity effects.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation results in resource consumption on the affected system, potentially leading to denial-of-service conditions by exhausting resources in the Timer Handler.
Mitigation is available via the patch commit c7c131f8d2cb1195ada5e0e691b6868ebcd8a845 in the Open5GS GitHub repository. Security practitioners should apply this patch promptly, as an exploit has been publicly released and may be used in attacks. Related details are documented in Open5GS issues #4220 and #4221.
Notable context includes the public availability of the exploit, increasing the risk of real-world attacks against unpatched Open5GS deployments.
Details
- CWE(s)