
CVE-2025-44951: n/a

Severity: High
Published: Wed Jun 18 2025 (06/18/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A missing length check in `ogs_pfcp_dev_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dev` field with a value with length greater than 32.

AI-Powered Analysis

Last updated: 06/18/2025, 16:02:06 UTC

Technical Analysis

CVE-2025-44951 is a buffer overflow vulnerability identified in the PFCP (Packet Forwarding Control Protocol) library used by Open5GS versions 2.7.2 and earlier. The vulnerability arises from a missing length check in the function `ogs_pfcp_dev_add`, specifically when handling the `session.dev` field. This field is intended to hold a value with a maximum length of 32 bytes, but the absence of proper validation allows a local attacker to supply a value exceeding this length. As a result, the attacker can trigger a buffer overflow condition. Given that PFCP is a critical protocol used in 5G core network components such as the Session Management Function (SMF) and User Plane Function (UPF), exploitation of this vulnerability could lead to memory corruption, potentially causing application crashes, denial of service, or even arbitrary code execution within these network functions. The vulnerability requires local access to the affected system, as the attacker must be able to invoke the vulnerable function with a crafted `session.dev` field. There is no indication that remote exploitation is possible without local privileges. No known exploits are currently reported in the wild, and no patches or fixes have been linked yet. The vulnerability was reserved in April 2025 and published in June 2025, indicating it is a recent discovery. The lack of a CVSS score suggests that the severity assessment must be inferred from the technical details. Overall, this vulnerability poses a significant risk to the integrity and availability of 5G core network components running Open5GS, particularly in environments where local access is attainable by an attacker.
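The pattern the advisory describes, as an added illustration rather than Open5GS's own code: a device name copied into a fixed 32-byte field without a length check, beside a hardened version that rejects over-long input before copying. The struct, the `DEV_NAME_MAX` constant and the function names are assumptions made for this example; only the 32-byte limit comes from the advisory.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Assumed buffer size mirroring the 32-byte limit the advisory states for
 * session.dev. The struct is illustrative, not the library's real type. */
#define DEV_NAME_MAX 32

typedef struct {
    char ifname[DEV_NAME_MAX];
    int  ifindex;
} pfcp_dev_t;

/* The flaw class: the caller-supplied name is copied with no bound, so any
 * name of DEV_NAME_MAX bytes or more overruns ifname into ifindex and beyond.
 * Shown only for contrast; never use with untrusted input. */
int dev_add_unchecked(pfcp_dev_t *dev, const char *ifname)
{
    strcpy(dev->ifname, ifname);   /* no length check */
    return 0;
}

/* Hardened form: measure the input with a bounded scan, reject anything that
 * does not fit together with its terminating NUL, and copy only on success so
 * the destination is left untouched when the name is refused. */
int dev_add_checked(pfcp_dev_t *dev, const char *ifname)
{
    size_t len = 0;

    if (dev == NULL || ifname == NULL)
        return -EINVAL;

    /* bounded scan: an unterminated input cannot be read past DEV_NAME_MAX */
    while (len < DEV_NAME_MAX && ifname[len] != '\0')
        len++;
    if (len == 0 || len >= DEV_NAME_MAX)
        return -ENAMETOOLONG;

    memcpy(dev->ifname, ifname, len);
    dev->ifname[len] = '\0';
    return 0;
}

/* Demonstration helper: add into a fresh record and report the outcome
 * (0 = stored and read back intact, negative errno = rejected). */
int try_dev_add(const char *ifname)
{
    pfcp_dev_t dev;
    memset(&dev, 0, sizeof dev);
    int rc = dev_add_checked(&dev, ifname);
    if (rc != 0)
        return rc;
    return strcmp(dev.ifname, ifname) == 0 ? 0 : -1;
}
```

A 31-character name is the longest that fits with its NUL terminator; a 32-character name, the boundary the advisory mentions, is refused instead of overflowing.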

Potential Impact

For European organizations, especially telecommunications providers and enterprises deploying private 5G networks, this vulnerability could have serious consequences. Open5GS is an open-source 5G core network implementation widely used for research, development, and increasingly in production environments. A successful exploitation could disrupt critical 5G network functions, leading to service outages affecting end-users and enterprise customers. This could degrade network availability and reliability, impacting sectors reliant on 5G connectivity such as manufacturing, transportation, healthcare, and public safety. Furthermore, if exploited to execute arbitrary code, attackers could gain control over SMF or UPF components, potentially enabling further lateral movement within the network or manipulation of user sessions, compromising confidentiality and integrity of data flows. Given the strategic importance of 5G infrastructure in Europe’s digital economy and critical infrastructure, such disruptions could have cascading effects on national security and economic stability. The requirement for local access somewhat limits the attack surface to insiders or attackers who have already breached perimeter defenses, but the impact remains high due to the critical role of the affected components.

Mitigation Recommendations

1. Immediate mitigation should focus on restricting local access to systems running Open5GS SMF and UPF components. Implement strict access controls, including multi-factor authentication and network segmentation, to limit potential attackers' ability to reach these services.
2. Monitor logs and system behavior for unusual activity related to PFCP session management, particularly any attempts to set or modify the `session.dev` field with abnormal lengths.
3. Apply runtime protections such as Address Space Layout Randomization (ASLR), stack canaries, and memory protection mechanisms to reduce the risk of successful exploitation of buffer overflows.
4. Engage with the Open5GS community or vendors to obtain patches or updates addressing this vulnerability as soon as they become available.
5. Conduct code audits and fuzz testing on the PFCP library and related functions to identify and remediate similar input validation issues proactively.
6. For organizations deploying Open5GS in production, consider deploying intrusion detection systems (IDS) or endpoint detection and response (EDR) solutions capable of detecting exploitation attempts targeting buffer overflow conditions.
7. Establish incident response plans specifically tailored to 5G core network components to ensure rapid containment and recovery in case of exploitation.


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6852df6133c7acc046ee1a19

Added to database: 6/18/2025, 3:46:41 PM

Last enriched: 6/18/2025, 4:02:06 PM

Last updated: 8/11/2025, 1:59:41 AM
