CVE-2025-14955

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-14955

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14955.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-14955

Published

2025-12-19T17:15:51.270Z

Modified

2026-03-15T22:50:31.554121Z

Severity

2.9 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator

Summary

[none]

Details

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been made public and could be used. The patch is identified as 773117aa5472af26fc9f80e608d3386504c3bdb7. It is best practice to apply a patch to resolve this issue.

References

Affected packages

Git / github.com/open5gs/open5gs

Affected ranges

Type

GIT

Repo

https://github.com/open5gs/open5gs

Events

Introduced

Last affected

7dfd9a39649700c24c22f1978ed7a35541a72cca

Fixed

773117aa5472af26fc9f80e608d3386504c3bdb7

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.7.5"
        }
    ]
}

Affected versions

v0.*

v0.1.0

v0.1.1

v0.2.0

v0.3.0

v0.3.1

v0.3.10

v0.3.11

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.8

v0.3.9

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.0

v0.5.1

v0.5.2

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.3.0

v2.*

v2.0.0

v2.0.18

v2.0.22

v2.1.0

v2.1.1

v2.1.3

v2.1.4

v2.1.5

v2.1.7

v2.2.0

v2.2.1

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3.0

v2.3.1

v2.3.2

v2.3.6

v2.4.0

v2.4.1

v2.4.3

v2.4.4

v2.4.5

v2.4.7

v2.4.8

v2.4.9

v2.6.1

v2.6.2

v2.6.3

v2.6.4

v2.6.6

v2.7.0

v2.7.1

v2.7.2

v2.7.5

v2.7.6

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-14955.json"

vanir_signatures

[
    {
        "signature_type": "Function",
        "id": "CVE-2025-14955-4fda2601",
        "source": "https://github.com/open5gs/open5gs/commit/773117aa5472af26fc9f80e608d3386504c3bdb7",
        "signature_version": "v1",
        "target": {
            "function": "ogs_pfcp_handle_create_pdr",
            "file": "lib/pfcp/handler.c"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "152782962405007142605793695270104733833",
            "length": 8980.0
        }
    },
    {
        "signature_type": "Line",
        "id": "CVE-2025-14955-85d6bee9",
        "source": "https://github.com/open5gs/open5gs/commit/773117aa5472af26fc9f80e608d3386504c3bdb7",
        "signature_version": "v1",
        "target": {
            "file": "lib/pfcp/handler.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "299554936158115226054326853615637524750",
                "303470008693833093473689665733959510447",
                "241307851247972046744421941027498078605",
                "180383687568930561154123117682055473886",
                "194471015358615295103173957815778480626",
                "231762892789112490637536994296411500791",
                "6125921720732050285900983634811035769",
                "221443957132251680482946193479026216204"
            ]
        }
    }
]