Open5GS 直到 2.7.5 PFCP Session Establishment Request lib/pfcp/rule-match.c 拒绝服务

Dear VulnDB Team,

I am writing to dispute the current CVSS score of 3.1 assigned to this vulnerability. I strongly believe the score should be 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

My assessment is based on the technical facts of the exploit and consistency with recently scored vulnerabilities of the same nature.

1. Reference to Similar Vulnerability (Precedent) A nearly identical vulnerability, CVE-2025-65559, was recently analyzed by NVD and assigned a score of 7.5.

Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-65559

Comparison: Just like CVE-2025-65559, the vulnerability I reported involves a remote attacker sending a malformed packet to a network service (UPF/Core Network), causing the process to crash immediately. There is no technical justification for scoring my finding (3.1) so drastically lower than its peer (7.5).

2. Technical Justification for Vector Changes

AV: Local (L) -> Network (N): The target service listens on a network interface (e.g., UDP port). The attack is performed remotely by sending packets over the network, identical to the vector in CVE-2025-65559. Local access is NOT required.

PR: Low (L) -> None (N): The crash occurs during the packet parsing stage, prior to any authentication. No credentials are needed to send the UDP packet that triggers the crash.

A: Low (L) -> High (H): The vulnerability causes a fatal crash (Segfault/Panic) of the daemon. The service stops completely and requires a restart. This constitutes a total loss of availability.

I kindly request you to align the scoring of this vulnerability with the established standard for remote DoS vulnerabilities (7.5) to maintain consistency in the database.

Best regards,
Ziyu