CVE-2025-14953

3.1 LOW

📋 TL;DR

A null pointer dereference vulnerability in Open5GS's PFCP handler allows remote attackers to cause denial of service by crashing the service. This affects Open5GS deployments up to version 2.7.5 that handle PFCP protocol traffic. The vulnerability is in the FAR-ID handler component and requires specific network manipulation to exploit.

💻 Affected Systems

Products:
  • Open5GS
Versions: Up to and including 2.7.5
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using PFCP protocol handling; requires FAR-ID handler component to be active.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote attacker causes service disruption through denial of service, potentially affecting 5G network functionality for connected devices.

🟠 Likely Case: Service crash requiring restart, causing temporary service interruption for affected network functions.

🟢 If Mitigated: Minimal impact with proper network segmentation and monitoring; service automatically restarts with minimal downtime.

🌐 Internet-Facing: MEDIUM - Attack requires remote access but exploitation complexity is high and specific network conditions needed.
🏢 Internal Only: MEDIUM - Internal attackers with network access could exploit, but still requires high complexity and specific conditions.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: HIGH

Exploit requires specific PFCP protocol manipulation; published exploit details exist but require technical expertise to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit 93a9fd98a8baa94289be3b982028201de4534e32 and later

Vendor Advisory: https://github.com/open5gs/open5gs/commit/93a9fd98a8baa94289be3b982028201de4534e32

Restart Required: Yes

Instructions:

1. Update Open5GS to the latest version or apply the specific commit.
2. Rebuild from source if using a custom build.
3. Restart Open5GS services.

🔧 Temporary Workarounds

Network Segmentation

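Restrict PFCP protocol access to trusted network segments only (Linux, iptables). Replace trusted_network with the source address or CIDR range of your trusted PFCP peers: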

iptables -A INPUT -p udp --dport 8805 -s trusted_network -j ACCEPT
iptables -A INPUT -p udp --dport 8805 -j DROP

🧯 If You Can't Patch

  • Implement strict network access controls for PFCP port 8805/UDP
  • Deploy monitoring and automatic restart mechanisms for Open5GS services

🔍 How to Verify

Check if Vulnerable:

Check Open5GS version: open5gs --version or examine source code for commit hash

Check Version:

open5gs --version 2>&1 | grep -i version

Verify Fix Applied:

Verify commit 93a9fd98a8baa94289be3b982028201de4534e32 is present in source or version is newer than 2.7.5
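
One way to run the commit check above against a source checkout, as an added example (not part of the original advisory or the Open5GS project). The function name has_fix and the checkout path argument are assumptions; the commit hash is the one given on this page.

```shell
#!/bin/sh
# Added example: does an Open5GS git checkout contain the fix commit?
# Fix commit taken from the advisory text above.
FIX_COMMIT=93a9fd98a8baa94289be3b982028201de4534e32

# has_fix REPO_DIR [COMMIT]   (hypothetical helper name)
# Return codes:
#   0  COMMIT is HEAD or an ancestor of HEAD (fix is in the checked-out tree)
#   1  COMMIT is not in HEAD's history
#   2  cannot tell (not a git checkout, or a shallow clone lacking the object)
# Caveat: a cherry-picked backport gets a different hash and is reported as 1.
has_fix() {
    repo=$1
    commit=${2:-$FIX_COMMIT}

    # Must be a git working tree or bare repository.
    git -C "$repo" rev-parse --git-dir >/dev/null 2>&1 || return 2

    # Is the commit object present locally?
    if ! git -C "$repo" cat-file -e "${commit}^{commit}" 2>/dev/null; then
        # In a full clone every ancestor of HEAD is present, so a missing
        # object means HEAD cannot contain it. A shallow clone proves nothing.
        shallow=$(git -C "$repo" rev-parse --is-shallow-repository 2>/dev/null)
        [ "$shallow" = "true" ] && return 2
        return 1
    fi

    # merge-base --is-ancestor exits 0 (yes), 1 (no), or >1 on error.
    rc=0
    git -C "$repo" merge-base --is-ancestor "$commit" HEAD 2>/dev/null || rc=$?
    case $rc in
        0) return 0 ;;
        1) return 1 ;;
        *) return 2 ;;
    esac
}

# Usage (path is a placeholder):
#   has_fix /path/to/open5gs && echo "fix commit present"
```

A result of 1 on a tree that was patched by cherry-pick or by a distribution backport needs a manual look at the source, since the hash comparison cannot see such fixes.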

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault in Open5GS logs
  • Service crash/restart events
  • PFCP handler error messages

Network Indicators:

  • Unusual PFCP protocol traffic patterns
  • Multiple connection attempts to port 8805/UDP

SIEM Query:

source="open5gs.log" AND ("segmentation fault" OR "null pointer" OR "crash")
