CVE-2025-14953: NULL Pointer Dereference in Open5GS
A flaw has been found in Open5GS up to 2.7.5. It affects the function ogs_pfcp_handle_create_pdr in lib/pfcp/handler.c, part of the FAR-ID Handler component. Manipulation can lead to a null pointer dereference. The attack can be performed remotely, but it requires a high level of complexity and exploitability is said to be difficult. The exploit has been published and may be used. The patch is identified by commit 93a9fd98a8baa94289be3b982028201de4534e32. Applying the patch is advised to correct this issue.
AI Analysis
Technical Summary
CVE-2025-14953 is a vulnerability identified in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw resides in the function ogs_pfcp_handle_create_pdr within the lib/pfcp/handler.c file, specifically in the FAR-ID Handler component responsible for processing Packet Detection Rules (PDRs) in the PFCP protocol. The vulnerability is a null pointer dereference that can be triggered remotely by sending crafted PFCP messages. This causes the affected process to dereference a null pointer, leading to a crash and denial of service (DoS) condition. Exploiting this vulnerability requires a high level of complexity due to the need for precise manipulation of PFCP messages and understanding of the 5G core protocol internals. No user interaction or elevated privileges are necessary, but the attacker must have network access to the PFCP interface. The CVSS v4.0 score is 2.3, reflecting low severity due to limited impact (denial of service only), difficult exploitability, and no confidentiality or integrity impact. The vulnerability affects Open5GS versions 2.7.0 through 2.7.5. A patch has been released (commit 93a9fd98a8baa94289be3b982028201de4534e32) to address this issue. Although no known exploits are currently in the wild, the publication of the exploit code increases the risk of future attacks. Given Open5GS's role in 5G core networks, this vulnerability could disrupt mobile network services if exploited.
Potential Impact
For European organizations, particularly telecom operators and mobile network providers deploying Open5GS as part of their 5G core infrastructure, this vulnerability poses a risk of service disruption through denial-of-service attacks. A successful exploit could crash critical network functions handling PFCP messages, potentially causing outages or degraded network performance. This could impact mobile subscribers' connectivity and service quality. While the vulnerability does not allow data theft or modification, the availability impact on core network components is significant for maintaining continuous 5G service. Disruptions could affect enterprise customers relying on 5G connectivity for critical applications, as well as consumer services. The difficult exploitability and high attack complexity reduce immediate risk, but the presence of published exploit code means attackers could develop effective attacks over time. European telecom regulators and operators must consider this vulnerability in their risk assessments and incident response planning to avoid network instability.
Mitigation Recommendations
European organizations using Open5GS should immediately apply the official patch identified by commit 93a9fd98a8baa94289be3b982028201de4534e32 to all affected versions (2.7.0 to 2.7.5). Network administrators should verify that PFCP interfaces are properly segmented and protected by network access controls to limit exposure to untrusted networks. Implement strict monitoring and anomaly detection on PFCP traffic to identify unusual or malformed messages that could indicate exploitation attempts. Conduct regular security audits and vulnerability scans on 5G core components to ensure no outdated versions remain in production. Additionally, maintain up-to-date incident response plans tailored to 5G network disruptions. Consider deploying redundancy and failover mechanisms for critical Open5GS components to minimize service impact if a crash occurs. Collaboration with vendors and sharing threat intelligence within European telecom communities can help detect emerging exploitation trends.
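The monitoring recommendation above refers to malformed PFCP messages. The following added example (not from the original page and not Open5GS code) checks one PFCP datagram's header and IE lengths against the 3GPP TS 29.244 framing. The page does not state which malformation triggers the crash, so this covers framing only; the function names and sample bytes are constructed for illustration.

```python
import struct

# Added example, not Open5GS code. IE numbers and sizes follow 3GPP TS 29.244.
GROUPED = {1, 2, 3}               # Create PDR, PDI, Create FAR
MIN_LEN = {56: 2, 29: 4, 108: 4}  # PDR ID, Precedence, FAR ID

def walk_ies(buf, path, findings):
    """Walk type/length/value IEs in buf, recursing into grouped IEs."""
    off = 0
    while off < len(buf):
        if len(buf) - off < 4:
            findings.append(f"{path}: truncated IE header at offset {off}")
            return
        ie_type, ie_len = struct.unpack_from("!HH", buf, off)
        value = buf[off + 4: off + 4 + ie_len]
        here = f"{path}/IE{ie_type}"
        if len(value) < ie_len:
            findings.append(f"{here}: declared length {ie_len} overruns its container")
            return
        if ie_type in MIN_LEN and ie_len < MIN_LEN[ie_type]:
            findings.append(f"{here}: value is {ie_len} byte(s), minimum is {MIN_LEN[ie_type]}")
        if ie_type in GROUPED:
            walk_ies(value, here, findings)
        off += 4 + ie_len

def audit_pfcp(datagram):
    """Return a list of structural problems found in one PFCP UDP payload."""
    if len(datagram) < 8 or (datagram[0] & 0x01 and len(datagram) < 16):
        return ["datagram shorter than its PFCP header"]
    flags, msg_type, msg_len = struct.unpack_from("!BBH", datagram, 0)
    findings = []
    if flags >> 5 != 1:
        findings.append(f"PFCP version {flags >> 5}, expected 1")
    if msg_len != len(datagram) - 4:
        findings.append(f"header length {msg_len} != actual {len(datagram) - 4}")
    # The S flag (bit 1) adds an 8-byte SEID to the 8-byte base header.
    walk_ies(datagram[16 if flags & 0x01 else 8:], f"msg{msg_type}", findings)
    return findings

def ie(ie_type, value):
    return struct.pack("!HH", ie_type, len(value)) + value

def pfcp(msg_type, body, seid=1, seq=1):
    tail = struct.pack("!Q", seid) + seq.to_bytes(3, "big") + b"\x00" + body
    return struct.pack("!BBH", 0x21, msg_type, len(tail)) + tail

# Constructed samples (not captured traffic): Session Establishment Requests, type 50.
GOOD = pfcp(50, ie(1, ie(56, b"\x00\x01") + ie(29, b"\x00\x00\x00\xff") + ie(108, b"\x00\x00\x00\x01")))
BAD = pfcp(50, ie(1, ie(56, b"\x00\x01") + ie(108, b"\x01")) + b"\x00\x03\x00\x20")
```

`audit_pfcp` returns an empty list for a well-framed message, so a non-empty result on traffic arriving at the PFCP interface is the signal to log and alert on.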
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-19T08:31:23.204Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 694579a3133fda1465c274c8
Added to database: 12/19/2025, 4:13:23 PM
Last enriched: 12/19/2025, 4:28:38 PM
Last updated: 12/20/2025, 7:24:29 AM