CVE-2025-15555

EUVD-2025-206778
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
7.3 HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
open5gsopen5gs
𝑥
≤ 2.7.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/commit/54dda041211098730221d0ae20a2f9f9173e7a21
https://github.com/open5gs/open5gs/issues/4177
https://github.com/open5gs/open5gs/issues/4177#event-21256395700
https://vuldb.com/?ctiid.343795
https://vuldb.com/?id.343795
https://vuldb.com/?submit.741901
https://github.com/open5gs/open5gs/issues/4177#event-21256395700