Null Pointer Dereference in Open5GS FAR-ID Handler by Open5GS
CVE-2025-14953

2.3LOW

Key Information:

Vendor

Open5GS

Status
Open5gs
Vendor
CVE Published:
19 December 2025

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2025-14953?

A null pointer dereference vulnerability has been identified in Open5GS versions up to 2.7.5, specifically in the function ogs_pfcp_handle_create_pdr within the FAR-ID Handler module. This flaw allows remote attackers to manipulate specific inputs, which can result in application crashes or unexpected behavior. Although the exploitation of this vulnerability is complex and requires a certain level of expertise, a published exploit exists. It is crucial for affected users to apply patch 93a9fd98a8baa94289be3b982028201de4534e32 to mitigate the risks associated with this vulnerability.

Affected Version(s)

Open5GS 2.7.0

Open5GS 2.7.1

Open5GS 2.7.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-14953 - Proof of Concept

References

https://vuldb.com/?id.337589
vdb-entrytechnical-description
https://vuldb.com/?ctiid.337589
signaturepermissions-required
https://vuldb.com/?submit.716799
third-party-advisory

CVSS V4

Score:
2.3
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZiyuLin (VulDB User)
JSON
.
CVE-2025-14953 : Null Pointer Dereference in Open5GS FAR-ID Handler by Open5GS