Impact
The vulnerability resides in the Open5GS SGWC, specifically in the function ogs_gtp2_f_teid_to_ip within s11-handler.c. Remote manipulation of GTPv2 signalling messages can cause a denial of service by corrupting memory handling in that function. The weakness is classified as CWE-404, indicating improper release of resources. The exploit has been published and is known to be usable, meaning an attacker with remote reach can trigger the service crash. The denial of service could render the SGWC component unavailable, disrupting GTP signalling between the Access Gateway and the Core network, which may cascade to affect user plane connectivity.
Affected Systems
The Open5GS SGWC component is affected in all releases up to and including 2.7.5. Users deploying the Open5GS 5G core stack with SGWC should verify whether their installed version falls within this range and plan to upgrade to a later release that includes the fix.
Risk and Exploitability
The CVSS score of 6.9 indicates a moderate impact, while the EPSS score of less than 1% indicates a low probability of automated exploitation in the near term. Nonetheless, the fact that the exploit is publicly available and can be performed over the network warrants caution. The vulnerability is not listed in the CISA KEV catalog, but dependency on raw GTP traffic makes the component attractive for attackers. Remote attackers who can reach the SGWC GTP port can trigger the crash, and no special conditions beyond normal network interaction are required. Accordingly, the risk to any Open5GS deployment that exposes SGWC to untrusted traffic is high until patched.
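A triage helper for the two checks described above (is the installed version in the affected range, and is the SGWC GTP listener bound beyond loopback), added here as an example and not taken from Open5GS or OpenCVE. It assumes GTPv2-C on UDP 2123 and `ss -H -uln` output with the local address in the fourth column; the function names and the sample socket lines are constructed.

```shell
#!/bin/sh
# Added triage helper; not Open5GS or OpenCVE code.
LAST_AFFECTED="2.7.5"  # from the advisory: affected up to and including 2.7.5
GTPC_PORT=2123         # assumption: standard GTPv2-C UDP port (not on the page)

# is_affected VERSION: 0 = in the affected range, 1 = newer, 2 = unparseable.
# Packaging/git suffixes are dropped, so "2.7.5-3-gabc" counts as 2.7.5
# (conservative: a post-release build is reported as affected).
is_affected() {
    v=${1#v}
    v=${v%%[-+~]*}
    case "$v" in
        ''|*[!0-9.]*) return 2 ;;
    esac
    # sort -V orders numerically per component, so 2.7.10 sorts after 2.7.5.
    lowest=$(printf '%s\n%s\n' "$v" "$LAST_AFFECTED" | sort -V | head -n 1)
    [ "$lowest" = "$v" ]
}

# exposed_gtpc: reads `ss -H -uln` output on stdin (local address in field 4)
# and prints every non-loopback address with a listener on the GTP-C port.
exposed_gtpc() {
    awk -v port="$GTPC_PORT" '
    {
        la = $4
        n = match(la, /:[0-9]+$/)              # last colon separates the port
        if (n == 0 || substr(la, n + 1) != port) next
        addr = substr(la, 1, n - 1)
        sub(/%.*$/, "", addr)                  # drop "%iface" scope
        gsub(/\[|\]/, "", addr)                # drop IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") next
        print addr
    }'
}

# Constructed sample of `ss -H -uln` output, for offline runs.
sample_ss() {
    cat <<'EOF'
UNCONN 0 0 127.0.0.3:2123 0.0.0.0:*
UNCONN 0 0 10.10.0.5:2123 0.0.0.0:*
UNCONN 0 0 [::1]:2123 [::]:*
UNCONN 0 0 0.0.0.0:2152 0.0.0.0:*
EOF
}

sample_ss | exposed_gtpc    # prints 10.10.0.5
```

On a live host, pipe `ss -H -uln` into `exposed_gtpc` and pass the version string of the installed SGWC package to `is_affected`.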
OpenCVE Enrichment