NIXPKGS-2026-0067

GitHub issue published on

Permalink CVE-2025-15528

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 3 months, 1 week ago by @LeSuisse Activity log

Created suggestion 3 months, 1 week ago
@LeSuisse ignored package open5gs-webui 3 months, 1 week ago
@LeSuisse accepted 3 months, 1 week ago
@LeSuisse published on GitHub 3 months, 1 week ago

Open5GS GTPv2 Bearer Response denial of service

A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 98f76e98df35cd6a35e868aa62715db7f8141ac1. A patch should be applied to remediate this issue.

References

VDB-341595 | Open5GS GTPv2 Bearer Response denial of service vdb-entry
VDB-341595 | CTI Indicators (IOB, IOC, TTP) signaturepermissions-required
Submit #728128 | Open5GS SGWC v2.7.6 Denial of Service third-party-advisory
https://github.com/open5gs/open5gs/issues/4225 issue-tracking
https://github.com/open5gs/open5gs/issues/4225#issue-3769531006 exploitissue-tracking
https://github.com/open5gs/open5gs/commit/98f76e98df35cd6a35e868aa62715db7f8141… patch

Affected products

Open5GS

==2.7.5
==2.7.6
==2.7.1
==2.7.2
==2.7.4
==2.7.3
==2.7.0

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

Ignored packages (1)

pkgs.open5gs-webui