Description

A flaw has been found in Open5GS up to 2.7.5. The affected function is decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet in the file lib/pfcp/rule-match.c, part of the component PFCP Session Establishment Request Handler. Manipulation can lead to a reachable assertion. The attack can be launched remotely. The exploit has been published and may be used. The patch is identified as b72d8349980076e2c033c8324f07747a86eea4f8. Applying the patch is advised to resolve this issue.

PUBLISHED | Reserved 2025-12-28 | Published 2025-12-29 | Updated 2025-12-29 | Assigner VulDB




MEDIUM: 6.9 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
MEDIUM: 5.3 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Problem types

Reachable Assertion

Timeline

2025-12-28: Advisory disclosed
2025-12-28: VulDB entry created
2025-12-28: VulDB entry last update

Credits

ZiyuLin (VulDB User), reporter

References

vuldb.com/?id.338561 (VDB-338561 | Open5GS PFCP Session Establishment Request rule-match.c ogs_pfcp_pdr_rule_find_by_packet assertion) vdb-entry technical-description

vuldb.com/?ctiid.338561 (VDB-338561 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.719830 (Submit #719830 | Open5GS v2.7.5 Reachable Assertion) third-party-advisory

github.com/open5gs/open5gs/issues/4180 issue-tracking

github.com/open5gs/open5gs/issues/4180 exploit issue-tracking

github.com/...ommit/b72d8349980076e2c033c8324f07747a86eea4f8 patch

cve.org (CVE-2025-15176)

nvd.nist.gov (CVE-2025-15176)

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.