Vulnerability Description
A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 442369dcd964f03d95429a6a01a57ed21f7779b7. Applying a patch is the recommended action to fix this issue.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open5Gs | Open5Gs | <= 2.7.5 |
Related Weaknesses (CWE)
References
- https://github.com/open5gs/open5gs/
- https://github.com/open5gs/open5gs/commit/442369dcd964f03d95429a6a01a57ed21f7779Patch
- https://github.com/open5gs/open5gs/issues/4181ExploitIssue TrackingVendor Advisory
- https://github.com/open5gs/open5gs/issues/4181#issue-3667069101ExploitIssue TrackingVendor Advisory
- https://github.com/open5gs/open5gs/issues/4181#issuecomment-3615646842Issue Tracking
- https://vuldb.com/?ctiid.337590Permissions RequiredVDB Entry
- https://vuldb.com/?id.337590Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.716810Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-14954?
CVE-2025-14954 is a vulnerability with a CVSS score of 3.7 (LOW). A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/p...
How severe is CVE-2025-14954?
CVE-2025-14954 has been rated LOW with a CVSS base score of 3.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14954?
Check the references section above for vendor advisories and patch information. Affected products include: Open5Gs Open5Gs.