Nixpkgs security tracker

Dismissed

Permalink CVE-2025-15532

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 3 months, 1 week ago by @LeSuisse Activity log

Created suggestion 3 months, 1 week ago
@LeSuisse ignored package open5gs-webui 3 months, 1 week ago
@LeSuisse dismissed 3 months, 1 week ago

Open5GS Timer resource consumption

A security flaw has been discovered in Open5GS up to 2.7.5. This issue affects some unknown processing of the component Timer Handler. The manipulation results in resource consumption. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The patch is identified as c7c131f8d2cb1195ada5e0e691b6868ebcd8a845. It is best practice to apply a patch to resolve this issue.

References

VDB-341599 | Open5GS Timer resource consumption vdb-entry
VDB-341599 | CTI Indicators (IOB, IOC, TTP) signaturepermissions-required
Submit #729354 | Open5GS SGWC v2.7.6 Denial of Service third-party-advisory
Submit #729357 | Open5GS SGWC v2.7.6 Denial of Service (Duplicate) third-party-advisory
https://github.com/open5gs/open5gs/issues/4220 issue-tracking
https://github.com/open5gs/open5gs/issues/4221 issue-tracking
https://github.com/open5gs/open5gs/issues/4220#issue-3766066853 exploitissue-tracking
https://github.com/open5gs/open5gs/commit/c7c131f8d2cb1195ada5e0e691b6868ebcd8a… patch

Affected products

Open5GS

==2.7.5
==2.7.1
==2.7.2
==2.7.4
==2.7.3
==2.7.0

Matching in nixpkgs

pkgs.open5gs

4G/5G core network components

nixos-unstable 2.7.6
- nixpkgs-unstable 2.7.6
- nixos-unstable-small 2.7.6

Ignored packages (1)

pkgs.open5gs-webui