CVE-2025-15176
MEDIUMDescription
A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Executing a manipulation can lead to reachable assertion. It is possible to launch the attack remotely. The exploit has been published and may be used. This patch is called b72d8349980076e2c033c8324f07747a86eea4f8. Applying a patch is advised to resolve this issue.
Is your site exposed to CVE-2025-15176?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| open5gs | open5gs |
References
Advisories & Patches
Exploits
Frequently Asked Questions
What is CVE-2025-15176? +
How severe is CVE-2025-15176? +
What products are affected by CVE-2025-15176? +
How do I check if I'm vulnerable to CVE-2025-15176? +
Related Vulnerabilities
In a Bluetooth device, using RS9116-WiseConnect SDK experiences a Denial of Service, if it receives malformed L2CAP packets, only hard …
wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the …
A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted …
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated …
A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted …
In the Linux kernel, the following vulnerability has been resolved: crypto: tegra - Add missing CRYPTO_ALG_ASYNC The tegra crypto driver …