Buffer Overflow Vulnerability in PFCP Library of Open5GS
CVE-2025-44952

7.8HIGH

Key Information:

Vendor: Open5GS
Status: PFCP Library
Vendor: CVE Published:; 18 June 2025

What is CVE-2025-44952?

A vulnerability in the PFCP library of Open5GS allows local attackers to exploit a missing length check in the ogs_pfcp_subnet_add function. By manipulating the session.dnn field to exceed the expected length of 101, an attacker can trigger a buffer overflow, potentially leading to unauthorized access or system instability. This impacts Open5GS versions 2.7.2 and earlier, highlighting the importance of secure coding practices to mitigate such risks.

References

https://github.com/open5gs/open5gs/issues/3775

https://gist.github.com/scemodicecosa/8643fbfc9490f40e955...

https://gist.github.com/scmdcs/8643fbfc9490f40e955e9f9e9b...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 18, 2025
Vulnerability Reserved
Apr 22, 2025