CVE-2025-14955 identifies a vulnerability in Open5GS, an open-source 5G core network software, specifically affecting versions 2.7.0 through 2.7.5. The issue resides in the function ogs_pfcp_handle_create_pdr within the PFCP (Packet Forwarding Control Protocol) component, implemented in lib/pfcp/handler.c. The vulnerability stems from improper initialization during the handling of PFCP Create PDR (Packet Detection Rule) messages. Improper initialization can lead to unpredictable behavior or memory corruption, potentially allowing an attacker to disrupt the normal operation of the PFCP component. The vulnerability can be triggered remotely without requiring authentication or user interaction, increasing the attack surface. However, the attack complexity is high, indicating that exploitation requires significant expertise or specific conditions. The CVSS v4.0 base score is 6.3, reflecting a medium severity level. The impact vector indicates no compromise of confidentiality, integrity, or availability beyond limited impact on integrity (VA:L). The vulnerability does not affect confidentiality or availability and does not require privileges or user interaction. The patch identified by commit 773117aa5472af26fc9f80e608d3386504c3bdb7 addresses the improper initialization issue. No known exploits are currently active in the wild, but the exploit code has been publicly disclosed, increasing the risk of future exploitation. Open5GS is widely used by telecom operators, research institutions, and enterprises deploying private 5G networks, making this vulnerability relevant to the telecommunications sector.

The primary impact of CVE-2025-14955 is on the integrity of the PFCP component within Open5GS, which is critical for managing packet forwarding rules in 5G core networks. Successful exploitation could cause unexpected behavior or partial disruption of PFCP message processing, potentially leading to degraded network performance or denial of service in packet forwarding functions. While the vulnerability does not directly compromise confidentiality or availability, any disruption in PFCP processing can affect the reliability and stability of 5G network services. Telecom operators and service providers relying on Open5GS for their 5G core infrastructure may experience service degradation or interruptions, impacting end-user connectivity and service quality. Given the high complexity of exploitation, widespread attacks are less likely but targeted attacks against specific networks remain a concern. The public availability of exploit code increases the urgency for patching to prevent attackers from developing reliable exploits. Organizations operating private or public 5G networks with Open5GS deployments are at risk, especially those unable to promptly apply security updates.

To mitigate CVE-2025-14955, organizations should immediately apply the official patch identified by commit 773117aa5472af26fc9f80e608d3386504c3bdb7 to all affected Open5GS instances. Network operators should verify their Open5GS version and upgrade to a fixed version beyond 2.7.5. In addition to patching, it is recommended to implement strict network segmentation and firewall rules to restrict access to PFCP interfaces, limiting exposure to untrusted networks. Monitoring and logging of PFCP traffic should be enhanced to detect anomalous or malformed Create PDR messages that could indicate exploitation attempts. Employing intrusion detection systems (IDS) with signatures for known exploit patterns can provide early warning. Regular security audits and vulnerability assessments of 5G core components should be conducted to identify and remediate similar issues proactively. Finally, maintaining an up-to-date inventory of Open5GS deployments and ensuring rapid patch management processes are critical to minimizing exposure.