Open5GS CVE-2025-14953

LOW
Improper Resource Shutdown or Release (CWE-404)
2025-12-19 cna@vuldb.com
1.3
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.3 LOW
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS Vector (NVD)

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: X

Lifecycle Timeline

1. Analysis Generated · Apr 29, 2026 - 01:38 · vuln.today

Description (CVE.org)

A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is said to be difficult. The exploit has been published and may be used. This patch is called 93a9fd98a8baa94289be3b982028201de4534e32. It is advisable to implement a patch to correct this issue.

Analysis (AI)

A null pointer dereference in Open5GS up to version 2.7.5 allows a remote authenticated attacker to cause denial of service by sending manipulated PFCP (Packet Forwarding Control Protocol) packets that are mishandled by the FAR-ID handler component. Exploitation requires high attack complexity and authenticated access, which limits real-world exploitation even though proof-of-concept code is publicly available. The low CVSS score of 1.3 reflects the restricted impact scope.

Technical Context (AI)

Open5GS implements its PFCP protocol handler in lib/pfcp/handler.c. The affected function, ogs_pfcp_handle_create_pdr, processes PDR (Packet Detection Rule) creation requests. The vulnerability stems from a null pointer dereference (CWE-404) in the FAR-ID Handler component, a critical subsystem for forwarding action rule processing in 5G packet gateways. Malformed PFCP control messages cause a pointer to be dereferenced without a null check, which lets authenticated PFCP peers (typically UPF or SMF nodes in a 5G network) crash the application.

Remediation (AI)

Apply the vendor-released patch by updating to a version containing commit 93a9fd98a8baa94289be3b982028201de4534e32 or later. To verify the fix, check the Open5GS GitHub repository for releases that follow this commit hash. As an interim mitigation until the patch is deployed, restrict PFCP access to trusted UPF and SMF nodes through network segmentation and firewall rules that limit PFCP port access (default port 8805/UDP and 8805/TCP) to known 5G control plane infrastructure. This mitigation reduces the attack surface but does not eliminate the vulnerability if compromised internal nodes are present. Apply patches at the next maintenance window to restore full service resilience.
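
One way to express the interim PFCP allowlist described above is an nftables ruleset generated by a small shell function. This is an added example, not code from Open5GS or from this advisory. The table, set and function names are hypothetical, the 192.0.2.x peers are constructed, and it assumes all legitimate PFCP peers are IPv4.

```shell
#!/bin/sh
# Added example: nftables allowlist for the PFCP port named in the remediation
# text. Names are hypothetical; peers are assumed to be IPv4.
PFCP_PORT=8805

# Succeed only for a dotted-quad IPv4 address with four octets in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                # split on dots; input holds digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print a ruleset that accepts PFCP only from the listed peers and drops all
# other traffic to the port (IPv6 included). Prints nothing and returns 1 on
# an empty or malformed list, so a typo cannot cut off every peer or smuggle
# extra nft statements into the ruleset.
pfcp_allowlist() {
    [ $# -gt 0 ] || { echo "no PFCP peers given" >&2; return 1; }
    peers=
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "bad peer address: $ip" >&2; return 1; }
        peers="${peers:+$peers, }$ip"
    done
    cat <<EOF
table inet pfcp_allowlist {
    set pfcp_peers {
        type ipv4_addr
        elements = { $peers }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        udp dport $PFCP_PORT ip saddr @pfcp_peers accept
        tcp dport $PFCP_PORT ip saddr @pfcp_peers accept
        udp dport $PFCP_PORT counter drop
        tcp dport $PFCP_PORT counter drop
    }
}
EOF
}
# Usage: pfcp_allowlist 192.0.2.10 192.0.2.11 | nft -c -f -   (-c only checks)
```

The `counter` on the drop rules records how many packets from non-allowlisted sources reached the PFCP port, which is worth alerting on while the patch is pending.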
