What is the CVSS score of EUVD-2025-18654?

EUVD-2025-18654 has a CVSS 3.1 base score of 7.8 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

Which versions of Open5gs are affected by EUVD-2025-18654?

Open5gs versions 2.7.2 and earlier contain a buffer overflow vulnerability in the PFCP library affecting both Session Management Function (SMF) and User Plane Function (UPF) components.

Is there a public PoC exploit available for EUVD-2025-18654?

Yes, a public proof-of-concept exploit is available for EUVD-2025-18654. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate EUVD-2025-18654?

Within 24 hours: inventory all systems running open5gs 2.7.2 or earlier and isolate affected SMF/UPF instances from untrusted local access; implement enhanced monitoring for abnormal session.dnn field values. Within 7 days: restrict local access to open5gs systems through OS-level access controls and network segmentation, and monitor vendor advisories for patch availability. Within 30 days: deploy patched versions immediately upon release, or migrate to alternative 5G core implementations if no patch timeline is provided.

Open5gs EUVD-2025-18654

| CVE-2025-44952 HIGH

Classic Buffer Overflow (CWE-120)

2025-06-18 cve@mitre.org

Buffer Overflow Denial Of Service Open5gs

7.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.8 HIGH

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 22:49 euvd

EUVD-2025-18654

Analysis Generated

Mar 14, 2026 - 22:49 vuln.today

PoC Detected

Jul 09, 2025 - 18:33 vuln.today

Public exploit code

CVE Published

Jun 18, 2025 - 16:15 nvd

HIGH 7.8

DescriptionCVE.org

A missing length check in ogs_pfcp_subnet_add function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the session.dnn field with a value with length greater than 101.

AnalysisAI

A buffer overflow vulnerability (CVSS 7.8) that allows a local attacker. Risk factors: public PoC available.

Technical ContextAI

CWE-120 (Classic Buffer Overflow). CVSS 7.8 indicates high severity.

RemediationAI

Monitor vendor channels for patch availability. Consider network segmentation to limit exposure if patching is delayed.

Vendor StatusVendor

Debian

Bug #1094791

open5gs

Release	Status	Fixed Version	Urgency
	open	-	-

EUVD-2025-18654 vulnerability details – vuln.today

Back

Open5gs EUVD-2025-18654

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

Debian

Share

External POC / Exploit Code