CVE-2025-14955
CVE-2025-14955 is a low-severity vulnerability in Open5gs with a CVSS 3.x base score of 3.7. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-665.
Key facts
- Severity: Low (CVSS 3.x base score 3.7)
- CVSS v2: 2.6
- CVSS v4: 2.9
- EPSS exploit prediction: 0% (37th percentile)
- Actively exploited: Not listed in CISA KEV
- EU (EUVD) id: EUVD-2025-204568
- Weakness: CWE-665
- Affected product: Open5gs
- Published:
- Last modified:
Description
A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been made public and could be used. The patch is identified as 773117aa5472af26fc9f80e608d3386504c3bdb7. It is best practice to apply a patch to resolve this issue.
Frequently asked questions
- What is CVE-2025-14955?
- A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been made public and could be used. The patch is identified as 773117aa5472af26fc9f80e608d3386504c3bdb7. It is best practice to apply a patch to resolve this issue.
- How severe is CVE-2025-14955?
- CVE-2025-14955 has a CVSS 3.x base score of 3.7, rated low severity. It is exploitable over network with high attack complexity, requires no privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability low.
- Is CVE-2025-14955 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (37th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2025-14955?
- CVE-2025-14955 affects Open5gs. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2025-14955?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- Does CVE-2025-14955 have an EU (EUVD) identifier?
- Yes. CVE-2025-14955 is tracked in the ENISA EU Vulnerability Database (EUVD) as EUVD-2025-204568.
- When was CVE-2025-14955 published?
- CVE-2025-14955 was published on 2025-12-19 and last updated on 2026-06-17.
References
- https://github.com/open5gs/open5gs/
- https://github.com/open5gs/open5gs/commit/773117aa5472af26fc9f80e608d3386504c3bdb7
- https://github.com/open5gs/open5gs/issues/4182
- https://github.com/open5gs/open5gs/issues/4182#issue-3670797098
- https://github.com/open5gs/open5gs/issues/4182#issuecomment-3616081878
- https://vuldb.com/?ctiid.337591
- https://vuldb.com/?id.337591
- https://vuldb.com/?submit.716841
Affected products (1)
- cpe:2.3:a:open5gs:open5gs:*:*:*:*:*:*:*:*
More vulnerabilities in Open5gs
- CVE-2024-40130 — Critical (CVSS 9.8): open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c.
- CVE-2024-40129 — Critical (CVSS 9.8): Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c.
- CVE-2021-28122 — Critical (CVSS 9.8): A request-validation issue was discovered in Open5GS 2.1.3 through 2.2.x before 2.2.1. The WebUI component allows an…
- CVE-2021-25863 — High (CVSS 8.8): Open5GS 2.1.3 listens on 0.0.0.0:3000 and has a default password of 1423 for the admin account.
- CVE-2024-24429 — High (CVSS 8.6): A reachable assertion in the nas_eps_send_emm_to_esm function of Open5GS <= 2.6.4 allows attackers to cause a Denial of…
- CVE-2024-34235 — High (CVSS 8.6): Open5GS MME versions <= 2.6.4 contains an assertion that can be remotely triggered via a malformed ASN.1 packet over…
Other CWE-665 (Improper Initialization) vulnerabilities
- CVE-2021-33635 — Critical (CVSS 9.8): When malicious images are pulled by isula pull, attackers can execute arbitrary code.
- CVE-2022-37128 — Critical (CVSS 9.8): In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end.
- CVE-2021-41264 — Critical (CVSS 9.8): OpenZeppelin Contracts is a library for smart contract development. In affected versions upgradeable contracts using…
- CVE-2019-10196 — Critical (CVSS 9.8): A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option…
- CVE-2015-8367 — Critical (CVSS 9.8): The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute…
- CVE-2019-14271 — Critical (CVSS 9.8): In Docker 19.03.x before 19.03.1 linked against the GNU C Library (aka glibc), code injection can occur when the…
Browse all CWE-665 (Improper Initialization) vulnerabilities →