CVE-2025-15555
Open5GS VoLTE Cx-Test hss-cx-path.c hss_ogs_diam_cx_mar_cb stack-based overflow
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
11th
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue.
| CWE | CWE-121 CWE-119 |
| Vendor | n/a |
| Product | open5gs |
| Published | Feb 4, 2026 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a open5gs
Be the first to know when new high vulnerabilities affecting n/a open5gs are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
n/a / Open5GS
2.7.0 2.7.1 2.7.2 2.7.3 2.7.4 2.7.5 2.7.6
References
vuldb.com: https://vuldb.com/vuln/343795 vuldb.com: https://vuldb.com/vuln/343795/cti vuldb.com: https://vuldb.com/submit/741901 github.com: https://github.com/open5gs/open5gs/issues/4177 github.com: https://github.com/open5gs/open5gs/issues/4177#event-21256395700 github.com: https://github.com/open5gs/open5gs/commit/54dda041211098730221d0ae20a2f9f9173e7a21 github.com: https://github.com/open5gs/open5gs/
Credits
Luca Jungnickel (Fraunhofer FOKUS) ๐ jungnickel (VulDB User) jungnickel (VulDB User)