Open5GS up to 2.7.5 PFCP lib/pfcp/handler.c ogs_pfcp_handle_create_pdr initialization
Summary
A vulnerability identified as problematic has been detected in Open5GS up to 2.7.5. Affected by this issue is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. This manipulation causes initialization.
This vulnerability is handled as CVE-2025-14955. The attack can be initiated remotely. Additionally, an exploit exists.
It is recommended to apply a patch to fix this issue.
Details
A vulnerability classified as problematic was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation with an unknown input leads to a initialization vulnerability. The CWE definition for the vulnerability is CWE-665. The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. As an impact it is known to affect availability.
It is possible to read the advisory at github.com. This vulnerability is known as CVE-2025-14955. The exploitation appears to be difficult. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details and also a public exploit are known.
It is possible to download the exploit at github.com. It is declared as proof-of-concept.
Applying the patch 773117aa5472af26fc9f80e608d3386504c3bdb7 is able to eliminate this problem. The bugfix is ready for download at github.com.
Be aware that VulDB is the high quality source for vulnerability data.
Product
Name
Version
License
Website
- Product: https://github.com/open5gs/open5gs/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔒VulDB Reliability: 🔍
CNA CVSS-B Score: 🔒
CNA CVSS-BT Score: 🔒
CNA Vector: 🔒
CVSSv3
VulDB Meta Base Score: 3.7VulDB Meta Temp Score: 3.5
VulDB Base Score: 3.7
VulDB Temp Score: 3.4
VulDB Vector: 🔒
VulDB Reliability: 🔍
CNA Base Score: 3.7
CNA Vector: 🔒
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: InitializationCWE: CWE-665
CAPEC: 🔒
ATT&CK: 🔒
Physical: No
Local: No
Remote: Yes
Availability: 🔒
Access: Public
Status: Proof-of-Concept
Download: 🔒
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔒
Patch: 773117aa5472af26fc9f80e608d3386504c3bdb7
Timeline
12/19/2025 Advisory disclosed12/19/2025 VulDB entry created
12/20/2025 VulDB entry last update
Sources
Product: github.comAdvisory: 4182
Status: Confirmed
Confirmation: 🔒
CVE: CVE-2025-14955 (🔒)
GCVE (CVE): GCVE-0-2025-14955
GCVE (VulDB): GCVE-100-337591
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 12/19/2025 09:36Updated: 12/20/2025 21:28
Changes: 12/19/2025 09:36 (60), 12/20/2025 21:28 (30)
Complete: 🔍
Submitter: ZiyuLin
Cache ID: 216::103
Submit
Accepted
- Submit #716841: Open5GS v2.7.5 Reachable Assertion (by ZiyuLin)
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.