CVE-2025-14953 is a vulnerability identified in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw is a NULL pointer dereference occurring in the function ogs_pfcp_handle_create_pdr, located in the FAR-ID Handler component (lib/pfcp/handler.c). This function handles Packet Detection Rules (PDR) within the PFCP (Packet Forwarding Control Protocol) layer, which is critical for managing user plane traffic in 5G networks. An attacker can remotely trigger this vulnerability by sending crafted PFCP messages that manipulate the FAR-ID Handler, causing the software to dereference a NULL pointer. This results in a crash of the affected process, leading to denial of service (DoS). The attack complexity is high due to the need for precise message crafting and understanding of the PFCP protocol internals. The exploit does not require user interaction but does require low privileges, and no authentication is needed, increasing the attack surface. Although an exploit has been published, it is considered difficult to execute successfully. The vulnerability affects Open5GS versions 2.7.0 through 2.7.5. A patch has been released (commit 93a9fd98a8baa94289be3b982028201de4534e32) to address this issue by adding proper NULL checks and improving input validation in the affected function. This vulnerability is assigned a CVSS 4.0 score of 2.3, reflecting its low severity due to limited impact and exploitation difficulty.

The primary impact of CVE-2025-14953 is denial of service through a crash of the Open5GS process handling PFCP messages. For organizations deploying Open5GS as part of their 5G core network infrastructure, this can lead to temporary disruption of user plane traffic management, affecting network availability and potentially degrading mobile service quality. While the vulnerability does not directly compromise confidentiality or integrity, service outages in critical telecommunications infrastructure can have cascading effects on business operations, emergency services, and customer satisfaction. The difficulty of exploitation and the requirement for low privileges reduce the likelihood of widespread attacks, but targeted attackers with sufficient expertise could leverage this flaw to disrupt specific network segments. Given the increasing reliance on 5G networks globally, even short-term outages can have significant operational and reputational consequences for mobile network operators and their customers.

To mitigate CVE-2025-14953, organizations should promptly apply the official patch identified by commit 93a9fd98a8baa94289be3b982028201de4534e32, which corrects the NULL pointer dereference in the FAR-ID Handler. Network operators should also implement strict filtering and validation of PFCP messages at network boundaries to reduce exposure to malformed packets from untrusted sources. Deploying runtime monitoring and anomaly detection tools focused on PFCP traffic can help identify exploitation attempts early. Additionally, isolating critical Open5GS components in hardened environments with limited network access can reduce the attack surface. Regularly updating Open5GS to the latest stable versions and following secure coding and deployment best practices will further minimize risks. Finally, conducting penetration testing and vulnerability assessments on 5G core network implementations can help uncover similar issues proactively.