CVE-2025-14954: Reachable Assertion in Open5GS
A vulnerability has been found in Open5GS up to 2.7.6. It affects the functions ogs_pfcp_pdr_find_or_add, ogs_pfcp_far_find_or_add, ogs_pfcp_urr_find_or_add and ogs_pfcp_qer_find_or_add in lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to a reachable assertion. The attack can be initiated remotely. The attack complexity is rated as high, and exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 442369dcd964f03d95429a6a01a57ed21f7779b7. Applying the patch is the recommended action to fix this issue.
AI Analysis
Technical Summary
CVE-2025-14954 is a vulnerability identified in Open5GS, an open-source 5G core network implementation widely used for mobile network infrastructure. The flaw resides in the PFCP (Packet Forwarding Control Protocol) context management within the functions ogs_pfcp_pdr_find_or_add, ogs_pfcp_far_find_or_add, ogs_pfcp_urr_find_or_add, and ogs_pfcp_qer_find_or_add located in lib/pfcp/context.c. These functions handle the creation or retrieval of PFCP entities such as PDR (Packet Detection Rules), FAR (Forwarding Action Rules), URR (Usage Reporting Rules), and QER (QoS Enforcement Rules). The vulnerability manifests as a reachable assertion failure, which can be triggered remotely by sending crafted PFCP messages. This assertion failure can cause the Open5GS process to terminate unexpectedly, leading to a denial of service condition. The attack complexity is rated high, indicating that exploitation requires significant skill or specific conditions, and no authentication or user interaction is needed. The vulnerability affects Open5GS versions 2.7.0 through 2.7.6. Although the exploitability is difficult, the vulnerability has been publicly disclosed, increasing the risk of future exploitation. The patch identified by commit 442369dcd964f03d95429a6a01a57ed21f7779b7 addresses this issue by correcting the assertion logic and improving input validation in the affected functions. The CVSS 4.0 base score is 6.3 (medium severity), reflecting a network attack vector with high complexity but no privileges or user interaction required, and limited impact confined to availability degradation. No known exploits are currently active in the wild, but the public disclosure necessitates prompt remediation.
Potential Impact
For European organizations, especially telecom operators and infrastructure providers deploying Open5GS as part of their 5G core network, this vulnerability poses a risk of service disruption due to denial of service attacks. An attacker could remotely cause the Open5GS core components to crash by exploiting the reachable assertion, potentially interrupting mobile network services such as data forwarding, QoS enforcement, and usage reporting. This could degrade network availability, impacting end-users and enterprise customers relying on 5G connectivity. Given the critical role of 5G networks in supporting digital services, IoT, and critical communications, even temporary outages can have significant operational and reputational consequences. The high attack complexity and lack of known exploits reduce immediate risk, but the public disclosure increases the likelihood of future attempts. Organizations operating Open5GS in Europe must consider this vulnerability in their risk assessments, particularly those in countries with advanced 5G rollouts and high reliance on open-source core network components.
Mitigation Recommendations
1. Apply the official patch corresponding to commit 442369dcd964f03d95429a6a01a57ed21f7779b7 immediately to all affected Open5GS instances.
2. Conduct thorough testing in staging environments before deployment to ensure stability and compatibility.
3. Implement strict network segmentation and firewall rules to restrict PFCP traffic to trusted network segments and known peers only, minimizing exposure to untrusted sources.
4. Deploy continuous monitoring and anomaly detection for PFCP protocol traffic to identify unusual patterns or malformed messages that could indicate exploitation attempts.
5. Maintain up-to-date inventories of Open5GS deployments and versions to prioritize patching efforts.
6. Engage with Open5GS community and vendors for ongoing security updates and best practices.
7. Consider fallback or redundancy mechanisms in the 5G core network architecture to mitigate potential service disruptions.
8. Train network operations teams on the specifics of this vulnerability and response procedures in case of incidents.
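An added example for recommendations 3 and 4 (not part of the original advisory and not Open5GS code): a Python check that flags PFCP datagrams (UDP port 8805) from peers outside an allow-list or with a structurally inconsistent header or IE list. These are generic sanity checks based on the PFCP header layout in 3GPP TS 29.244, not a signature for CVE-2025-14954, since the advisory does not describe the triggering message; the peer addresses, finding names and sample datagrams are constructed for illustration.

```python
import struct

NODE_TYPES = set(range(1, 16))      # heartbeat, association, node report, ...
SESSION_TYPES = set(range(50, 58))  # session establishment ... session report
# Assumed type ranges; extend them if your release defines more messages.

def ie_overrun(body):
    """Walk top-level TLV IEs; True if one runs past the end of the message."""
    off = 0
    while off < len(body):
        if off + 4 > len(body):
            return True
        _ie_type, ie_len = struct.unpack("!HH", body[off:off + 4])
        off += 4 + ie_len
    return off != len(body)

def check_pfcp(src_ip, payload, allowed_peers):
    """Return findings for one UDP/8805 datagram; an empty list means clean."""
    findings = [] if src_ip in allowed_peers else ["unknown-peer"]
    if len(payload) < 8:
        return findings + ["truncated-header"]
    flags, msg_type, length = struct.unpack("!BBH", payload[:4])
    has_seid = bool(flags & 0x01)       # S flag: SEID present in the header
    hdr_len = 16 if has_seid else 8
    if flags >> 5 != 1:                 # top three bits carry the version
        findings.append("bad-version")
    if msg_type not in NODE_TYPES | SESSION_TYPES:
        findings.append("unknown-type")
    if length != len(payload) - 4:      # length excludes the first 4 octets
        findings.append("length-mismatch")
    if has_seid != (msg_type in SESSION_TYPES):
        findings.append("seid-flag-mismatch")
    if len(payload) < hdr_len:
        findings.append("truncated-header")
    elif ie_overrun(payload[hdr_len:]):
        findings.append("ie-overrun")
    return findings

# Constructed samples (not captured traffic): a well-formed Heartbeat Request
# and a datagram with an inconsistent header and an oversized IE length.
PEERS = {"10.0.0.10"}  # placeholder address of the trusted PFCP peer
GOOD = struct.pack("!BBH", 0x20, 1, 12) + b"\x00\x00\x01\x00" \
    + struct.pack("!HHI", 96, 4, 0)
BAD = struct.pack("!BBH", 0x20, 50, 100) + b"\x00\x00\x02\x00" \
    + struct.pack("!HH", 1, 400) + b"\x00" * 4

if __name__ == "__main__":
    for src, pkt in (("10.0.0.10", GOOD), ("192.0.2.77", BAD)):
        print(src, check_pfcp(src, pkt, PEERS) or "clean")
```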
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden, Finland, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulDB
- Date Reserved: 2025-12-19T08:31:35.484Z
- Cvss Version: 4.0
- State: PUBLISHED
Threat ID: 694579a3133fda1465c274d1
Added to database: 12/19/2025, 4:13:23 PM
Last enriched: 1/3/2026, 12:12:01 AM
Last updated: 2/7/2026, 2:06:04 AM