Description
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue.
Published: 2026-02-04
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability is a stack-based buffer overflow located in the hss_ogs_diam_cx_mar_cb function of the VoLTE Cx-Test component. By manipulating the OGS_KEY_LEN argument, an attacker can overflow the stack, corrupting control data and enabling execution of arbitrary code or denial of service. Exploitation can compromise the confidentiality, integrity, and availability of the affected service.

Affected Systems

All installations of Open5GS up to and including version 2.7.6 that deploy the VoLTE Cx-Test component are impacted. The flaw resides in src/hss/hss-cx-path.c and applies to any deployment using the default configuration of Open5GS, with no further platform restrictions noted.

Risk and Exploitability

The CVSS score of 6.9 denotes medium severity. EPSS is reported as less than 1%, indicating a very low likelihood of active exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Based on the description, exploitation can be carried out remotely, likely via crafted Diameter requests to the HSS interface.

Generated by OpenCVE AI on April 22, 2026 at 20:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor patch identified by commit 54dda041211098730221d0ae20a2f9f9173e7a21, which updates Open5GS to a version beyond 2.7.6.
  • If the patch is not immediately available, upgrade to a newer Open5GS release that includes the fix, such as 2.7.7 or later.
  • As an interim measure, limit or disable access to the VoLTE Cx-Test HSS interface until the patch can be applied to reduce exposure.



Advisories

No advisories yet.

History

Tue, 07 Apr 2026 18:00:00 +0000


Wed, 11 Feb 2026 19:30:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-787
CPEs | | cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*

Thu, 05 Feb 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 05 Feb 2026 11:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Open5gs; Open5gs open5gs
Vendors & Products | | Open5gs; Open5gs open5gs

Wed, 04 Feb 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function hss_ogs_diam_cx_mar_cb of the file src/hss/hss-cx-path.c of the component VoLTE Cx-Test. The manipulation of the argument OGS_KEY_LEN results in stack-based buffer overflow. The attack may be launched remotely. The patch is identified as 54dda041211098730221d0ae20a2f9f9173e7a21. A patch should be applied to remediate this issue.
Title | | Open5GS VoLTE Cx-Test hss-cx-path.c hss_ogs_diam_cx_mar_cb stack-based overflow
Weaknesses | | CWE-119; CWE-121
References | |
Metrics | | cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:OF/RC:C'}
Metrics | | cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C'}
Metrics | | cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C'}
Metrics | | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-07T15:49:09.962Z

Reserved: 2026-02-02T19:02:29.323Z

Link: CVE-2025-15555

Vulnrichment

Updated: 2026-02-05T21:04:29.190Z

NVD

Status: Modified

Published: 2026-02-04T21:15:57.380

Modified: 2026-04-07T16:16:22.347

Link: CVE-2025-15555

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-22T20:15:20Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer

  • CWE-121

    Stack-based Buffer Overflow

  • CWE-787

    Out-of-bounds Write