Vulnerability-Lookup

CNVD-2026-04540

Vulnerability from cnvd - Published: 2026-01-16

Title

Open5GS GTPv2-C F-TEID s11-handler.c sgwc_s11_handle_create_session_request拒绝服务漏洞

Description

Open5GS是开源的5G核心网系统。 Open5GS 2.7.6版本及之前版本中的GTPv2-C F-TEID处理器件存在拒绝服务漏洞，攻击者可利用该漏洞造成服务中断。

Severity

低

Formal description

目前厂商尚未发布升级补丁以修复漏洞。补丁获取链接： https://github.com/open5gs/open5gs/commit/465273d13ba5d47b274c38c9d1b07f04859178a1

Reference

https://github.com/open5gs/open5gs/commit/465273d13ba5d47b274c38c9d1b07f04859178a1 https://github.com/open5gs/open5gs/issues/4203 https://github.com/open5gs/open5gs/issues/4203#issue-3719257558 https://github.com/open5gs/open5gs/issues/4203#issuecomment-3681643498 https://vuldb.com/?ctiid.339339 https://vuldb.com/?id.339339 https://vuldb.com/?submit.727616

Impacted products

Name
Open5GS Open5GS <=2.7.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2025-15417",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2025-15417"
    }
  },
  "description": "Open5GS\u662f\u5f00\u6e90\u76845G\u6838\u5fc3\u7f51\u7cfb\u7edf\u3002\n\nOpen5GS 2.7.6\u7248\u672c\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684GTPv2-C F-TEID\u5904\u7406\u5668\u4ef6\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u670d\u52a1\u4e2d\u65ad\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\u3002\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/open5gs/open5gs/commit/465273d13ba5d47b274c38c9d1b07f04859178a1",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-04540",
  "openTime": "2026-01-16",
  "products": {
    "product": "Open5GS Open5GS \u003c=2.7.6"
  },
  "referenceLink": "https://github.com/open5gs/open5gs/commit/465273d13ba5d47b274c38c9d1b07f04859178a1\r\nhttps://github.com/open5gs/open5gs/issues/4203\r\nhttps://github.com/open5gs/open5gs/issues/4203#issue-3719257558\r\nhttps://github.com/open5gs/open5gs/issues/4203#issuecomment-3681643498\r\nhttps://vuldb.com/?ctiid.339339\r\nhttps://vuldb.com/?id.339339\r\nhttps://vuldb.com/?submit.727616",
  "serverity": "\u4f4e",
  "submitTime": "2026-01-15",
  "title": "Open5GS GTPv2-C F-TEID s11-handler.c sgwc_s11_handle_create_session_request\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2025-15417 (GCVE-0-2025-15417)

Vulnerability from cvelistv5 – Published: 2026-01-01 23:02 – Updated: 2026-01-06 14:33 X_Open Source

Title

Open5GS GTPv2-C F-TEID s11-handler.c sgwc_s11_handle_create_session_request denial of service

Summary

A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack must be carried out locally. The exploit is publicly available and might be used. The name of the patch is 465273d13ba5d47b274c38c9d1b07f04859178a1. A patch should be applied to remediate this issue.

Severity ?

4.8 (Medium)


                        
                          CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE

CWE-404 - Denial of Service

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.339339	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.339339	signaturepermissions-required
	https://vuldb.com/?submit.727616	third-party-advisory
	https://github.com/open5gs/open5gs/issues/4203	issue-tracking
	https://github.com/open5gs/open5gs/issues/4203#is…	issue-tracking
	https://github.com/open5gs/open5gs/issues/4203#is…	exploitissue-tracking
	https://github.com/open5gs/open5gs/commit/465273d…	patch

Impacted products

	Vendor	Product	Version
	n/a	Open5GS	Affected: 2.7.0 Affected: 2.7.1 Affected: 2.7.2 Affected: 2.7.3 Affected: 2.7.4 Affected: 2.7.5 Affected: 2.7.6

Credits

ZiyuLin (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-15417",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-06T14:33:01.789954Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-06T14:33:18.331Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/open5gs/open5gs/issues/4203#issue-3719257558"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "modules": [
            "GTPv2-C F-TEID Handler"
          ],
          "product": "Open5GS",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "2.7.0"
            },
            {
              "status": "affected",
              "version": "2.7.1"
            },
            {
              "status": "affected",
              "version": "2.7.2"
            },
            {
              "status": "affected",
              "version": "2.7.3"
            },
            {
              "status": "affected",
              "version": "2.7.4"
            },
            {
              "status": "affected",
              "version": "2.7.5"
            },
            {
              "status": "affected",
              "version": "2.7.6"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "ZiyuLin (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack must be carried out locally. The exploit is publicly available and might be used. The name of the patch is 465273d13ba5d47b274c38c9d1b07f04859178a1. A patch should be applied to remediate this issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 1.7,
            "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-404",
              "description": "Denial of Service",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-01T23:02:07.030Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-339339 | Open5GS GTPv2-C F-TEID s11-handler.c sgwc_s11_handle_create_session_request denial of service",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.339339"
        },
        {
          "name": "VDB-339339 | CTI Indicators (IOB, IOC, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.339339"
        },
        {
          "name": "Submit #727616 | Open5GS SGWC v2.7.6 Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.727616"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/open5gs/open5gs/issues/4203"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/open5gs/open5gs/issues/4203#issuecomment-3681643498"
        },
        {
          "tags": [
            "exploit",
            "issue-tracking"
          ],
          "url": "https://github.com/open5gs/open5gs/issues/4203#issue-3719257558"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/open5gs/open5gs/commit/465273d13ba5d47b274c38c9d1b07f04859178a1"
        }
      ],
      "tags": [
        "x_open-source"
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-01-01T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2026-01-01T01:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2026-01-01T11:56:16.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Open5GS GTPv2-C F-TEID s11-handler.c sgwc_s11_handle_create_session_request denial of service"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-15417",
    "datePublished": "2026-01-01T23:02:07.030Z",
    "dateReserved": "2026-01-01T10:50:23.624Z",
    "dateUpdated": "2026-01-06T14:33:18.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-04540

CVE-2025-15417 (GCVE-0-2025-15417)

Tags

Sightings

Nomenclature