CVE-2025-44951

Published: Jun 18, 2025Modified: Jan 9, 2026

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A missing length check in `ogs_pfcp_dev_add` function from PFCP library, used by both smf and upf in open5gs 2.7.2 and earlier, allows a local attacker to cause a Buffer Overflow by changing the `session.dev` field with a value with length greater than 32.

Affected (1)

Products: Open5gs: Open5gs

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Open5gs Open5gs	Up to 2.7.2

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (3)

https://gist.github.com/scmdcs/6d878d6074f0e2f4a8fb69e9864068b7

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/open5gs/open5gs/commit/e3dd98cd291fba233a46adb2881213fc6e38b924

Source: cve@mitre.org

https://github.com/open5gs/open5gs/issues/3775

Source: cve@mitre.org

ExploitIssue Tracking

Timeline

No history available yet.