CVE-2025-15176

Description

A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Executing a manipulation can lead to reachable assertion. It is possible to launch the attack remotely. The exploit has been published and may be used. This patch is called b72d8349980076e2c033c8324f07747a86eea4f8. Applying a patch is advised to resolve this issue.

CVSS v3.1 Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Weakness Type (CWE)

CWE-617 CWE-617

Affected Products

Vendor	Product	Versions
open5gs	open5gs	< 2.7.5

References

Advisories & Patches

https://github.com/open5gs/open5gs/commit/b72d8349980076e2c033c8324f07747a86eea4f8

Exploits

https://github.com/open5gs/open5gs/issues/4180 https://github.com/open5gs/open5gs/issues/4180#issue-3666760066 https://github.com/open5gs/open5gs/issues/4180#issuecomment-3615555671 https://vuldb.com/?submit.719830

Other References

https://github.com/open5gs/open5gs/ https://vuldb.com/?ctiid.338561 https://vuldb.com/?id.338561

Frequently Asked Questions

What is CVE-2025-15176? +

A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Executing a manipulation can lead to reachable assertion. It is possible to launch the attack remotely. The exploit has been published and may be used. This patch is called b72d8349980076e2c033c8324f07747a86eea4f8. Applying a patch is advised to resolve this issue. It has a CVSS v3.1 base score of 5.3 (MEDIUM).

How severe is CVE-2025-15176? +

CVE-2025-15176 has a CVSS v3.1 score of 5.3 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.

What products are affected by CVE-2025-15176? +

CVE-2025-15176 affects products from open5gs, specifically: open5gs. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2025-15176? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-4321

In a Bluetooth device, using RS9116-WiseConnect SDK experiences a Denial of Service, if it receives malformed L2CAP packets, only hard …

CVE-2025-34458

wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the …

CVE-2026-31739 8.8

In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver …

CVE-2023-37015 8.6

Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over the …

CVE-2023-37016 8.6

Open5GS MME versions <= 2.6.4 contain an assertion that can be remotely triggered via a malformed ASN.1 packet over the …

CVE-2023-37017 8.6