
CVE-2025-44952: n/a

High
Tags: Vulnerability, cve, cve-2025-44952
Published: Wed Jun 18 2025 (06/18/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A missing length check in the `ogs_pfcp_subnet_add` function from the PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dnn` field to a value with length greater than 101.

AI-Powered Analysis

Last updated: 06/18/2025, 16:01:45 UTC

Technical Analysis

CVE-2025-44952 is a buffer overflow vulnerability identified in the PFCP (Packet Forwarding Control Protocol) library used by Open5GS, an open-source 5G core network implementation. Specifically, the flaw exists in the function `ogs_pfcp_subnet_add`, which is responsible for handling subnet additions within PFCP messages. The vulnerability arises due to a missing length check on the `session.dnn` field, which is intended to hold the Data Network Name (DNN) associated with a session. If a local attacker modifies the `session.dnn` field with a value exceeding 101 characters, the lack of proper bounds checking leads to a buffer overflow condition. This can result in memory corruption, potentially allowing the attacker to execute arbitrary code or cause a denial of service (DoS) by crashing the affected process.

The vulnerability affects Open5GS version 2.7.2 and earlier. Both the SMF (Session Management Function) and UPF (User Plane Function) components, which rely on the PFCP library, are impacted. Since the vulnerability requires local access to the system to manipulate the `session.dnn` field, remote exploitation is not directly feasible without prior compromise.

No known exploits are currently reported in the wild, and no patches or fixes have been published at the time of disclosure. The absence of a CVSS score indicates that the vulnerability is newly disclosed and has not yet undergone formal severity assessment. However, the technical details suggest a significant risk due to the potential for memory corruption and code execution in critical 5G core network components.

Potential Impact

For European organizations deploying Open5GS in their 5G core network infrastructure, this vulnerability poses a serious risk to the confidentiality, integrity, and availability of their mobile network services. Exploitation could allow a local attacker, such as a malicious insider or compromised system user, to execute arbitrary code within SMF or UPF processes, potentially leading to full control over session management or user plane forwarding. This could disrupt mobile data services, intercept or manipulate user traffic, or cause network outages. Given the critical role of 5G core networks in supporting telecommunications, industrial IoT, and critical infrastructure, exploitation could have cascading effects on business operations and public safety. The requirement for local access limits the attack surface but does not eliminate risk, especially in environments with multiple administrators or shared access. Additionally, the lack of patches means organizations remain exposed until mitigations or updates are applied. The vulnerability could also be leveraged as part of a multi-stage attack where initial access is gained through other means, then escalated via this buffer overflow to compromise core network functions.

Mitigation Recommendations

1. Immediate mitigation should focus on restricting local access to systems running Open5GS SMF and UPF components, enforcing strict access controls and monitoring for unauthorized user activity.
2. Implement application-level sandboxing or process isolation to limit the impact of potential exploitation within the PFCP library processes.
3. Conduct thorough input validation and sanitization on the `session.dnn` field at higher layers if possible, to prevent oversized values from reaching the vulnerable function.
4. Monitor logs and network traffic for anomalous PFCP messages or unusual session parameter modifications that could indicate exploitation attempts.
5. Engage with the Open5GS community or vendors for updates and patches addressing this vulnerability, and plan for rapid deployment once available.
6. Consider deploying intrusion detection or prevention systems tailored to 5G core protocols to detect exploitation attempts.
7. Perform regular security audits and penetration testing focused on 5G core components to identify and remediate similar vulnerabilities proactively.
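The missing check described above, and the higher-layer validation recommended in item 3, come down to refusing a DNN longer than the destination can hold before any copy happens. The following is an added illustration, not Open5GS code: the session struct, the `DNN_MAX_LEN` bound of 101 (taken from the advisory's "greater than 101") and the function name `session_set_dnn` are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Assumed bound: the advisory says values longer than 101 characters
 * overflow the destination, so the buffer holds 101 chars plus a NUL. */
#define DNN_MAX_LEN 101

/* Hypothetical session record with a fixed-size DNN buffer, standing in
 * for the field the advisory calls session.dnn. */
typedef struct {
    char dnn[DNN_MAX_LEN + 1];
} pfcp_session_t;

/* The defect pattern is an unchecked copy such as
 *     strcpy(sess->dnn, dnn);
 * which writes past dnn[] whenever strlen(dnn) > DNN_MAX_LEN.
 * The hardened setter below validates first and copies second.
 * Returns 0 on success, -1 when the value is rejected. */
int session_set_dnn(pfcp_session_t *sess, const char *dnn)
{
    if (sess == NULL || dnn == NULL)
        return -1;

    /* Look for the terminator only within the allowed window, so the
     * check itself never scans an unterminated or huge input. */
    const char *end = memchr(dnn, '\0', DNN_MAX_LEN + 1);
    if (end == NULL || end == dnn) {
        /* Oversized (or empty) DNN: reject and log; this is the event
         * worth alerting on when monitoring session parameter changes. */
        fprintf(stderr, "rejected DNN: length exceeds %d or is empty\n",
                DNN_MAX_LEN);
        return -1;
    }

    size_t len = (size_t)(end - dnn);
    memcpy(sess->dnn, dnn, len);
    sess->dnn[len] = '\0';
    return 0;
}

int main(void)
{
    pfcp_session_t sess;
    char oversize[200];                      /* constructed 199-byte DNN */
    memset(oversize, 'A', sizeof(oversize) - 1);
    oversize[sizeof(oversize) - 1] = '\0';

    printf("\"internet\" -> %d\n", session_set_dnn(&sess, "internet"));
    printf("199 bytes  -> %d\n", session_set_dnn(&sess, oversize));
    return 0;
}
```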


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-04-22T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6852df6133c7acc046ee1a1d

Added to database: 6/18/2025, 3:46:41 PM

Last enriched: 6/18/2025, 4:01:45 PM

Last updated: 8/5/2025, 9:52:08 PM
