CVE-2025-14954 is a vulnerability identified in Open5GS, an open-source 5G core network implementation, specifically in versions 2.7.0 through 2.7.6. The issue resides in the PFCP (Packet Forwarding Control Protocol) context management functions: ogs_pfcp_pdr_find_or_add, ogs_pfcp_far_find_or_add, ogs_pfcp_urr_find_or_add, and ogs_pfcp_qer_find_or_add within the lib/pfcp/context.c source file. These functions handle the creation or retrieval of PFCP entities such as PDR (Packet Detection Rule), FAR (Forwarding Action Rule), URR (Usage Reporting Rule), and QER (QoS Enforcement Rule). The vulnerability manifests as a reachable assertion failure, which can be triggered remotely by an attacker sending crafted PFCP messages. This assertion failure can cause the Open5GS process to terminate unexpectedly, resulting in denial of service conditions. The attack does not require authentication or user interaction but has a high complexity rating, indicating that successful exploitation demands deep protocol knowledge and precise message crafting. The vulnerability was publicly disclosed on December 19, 2025, with a patch identified by commit 442369dcd964f03d95429a6a01a57ed21f7779b7 recommended to remediate the issue. The CVSS 4.0 vector (AV:N/AC:H/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P) reflects a network attack vector with high complexity, no privileges or user interaction required, and limited impact on availability. No known exploits have been observed in the wild to date.

The primary impact of this vulnerability is denial of service due to assertion failures causing Open5GS components to crash or restart. This can disrupt 5G core network functions such as session management, QoS enforcement, and usage reporting, potentially degrading network reliability and availability. For telecom operators and service providers relying on Open5GS, this could lead to service interruptions affecting end-users, impacting voice, data, and signaling services. While the vulnerability does not appear to allow remote code execution or data compromise, the loss of availability in critical 5G infrastructure components can have significant operational and financial consequences. The high complexity of exploitation reduces the likelihood of widespread attacks but does not eliminate risk, especially from well-resourced adversaries targeting telecom infrastructure. The vulnerability's presence in multiple PFCP-related functions increases the attack surface within the 5G control plane.

Organizations running Open5GS versions 2.7.0 through 2.7.6 should prioritize applying the official patch identified by commit 442369dcd964f03d95429a6a01a57ed21f7779b7 to remediate this vulnerability. Network operators should also implement strict filtering and validation of PFCP traffic at network boundaries to limit exposure to potentially malicious packets. Deploying monitoring and anomaly detection focused on PFCP message patterns can help identify exploitation attempts. Segmentation of 5G core network components and limiting access to PFCP interfaces to trusted management networks reduces the attack surface. Regularly updating Open5GS and other 5G core components to the latest stable versions is critical. Additionally, conducting security audits and penetration testing on 5G core implementations can uncover similar logic flaws before exploitation. Operators should maintain incident response plans tailored to 5G network disruptions.