Home

Description

A vulnerability has been found in Open5GS up to 2.7.6. Affected by this vulnerability is an unknown functionality of the component GTPv2 Bearer Response Handler. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 98f76e98df35cd6a35e868aa62715db7f8141ac1. A patch should be applied to remediate this issue.

PUBLISHED Reserved 2026-01-16 | Published 2026-01-16 | Updated 2026-02-23 | Assigner VulDB




MEDIUM: 6.9CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
MEDIUM: 5.3CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
5.0AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C

Problem types

Denial of Service

Timeline

2026-01-16:Advisory disclosed
2026-01-16:VulDB entry created
2026-02-09:VulDB entry last update

Credits

ZiyuLin (VulDB User) reporter

References

vuldb.com/?id.341595 (VDB-341595 | Open5GS GTPv2 Bearer Response denial of service) vdb-entry technical-description

vuldb.com/?ctiid.341595 (VDB-341595 | CTI Indicators (IOB, IOC, TTP)) signature permissions-required

vuldb.com/?submit.728128 (Submit #728128 | Open5GS SGWC v2.7.6 Denial of Service) third-party-advisory

vuldb.com/?submit.729359 (Submit #729359 | Open5GS SGWC v2.7.6 Denial of Service (Duplicate)) third-party-advisory

vuldb.com/?submit.729360 (Submit #729360 | Open5GS SGWC v2.7.6 Denial of Service (Duplicate)) third-party-advisory

vuldb.com/?submit.738373 (Submit #738373 | Open5GS SGWC v2.7.6 Denial of Service (Duplicate)) third-party-advisory

github.com/open5gs/open5gs/issues/4225 issue-tracking

github.com/open5gs/open5gs/issues/4225 exploit issue-tracking

github.com/...ommit/98f76e98df35cd6a35e868aa62715db7f8141ac1 patch

github.com/open5gs/open5gs/ product

cve.org (CVE-2025-15528)

nvd.nist.gov (CVE-2025-15528)

Download JSON