CVE-2025-14955

Name: CVE-2025-14955
Creator: NVD / NIST
Published: 2025-12-19T17:15:51.27+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

LOWCVSS 2.9/10EPSS 0.47%

Last modified Jun 17, 2026

CVE-2025-14955 is a low-severity vulnerability rated 2.9/10 on the CVSS scale. A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. EPSS estimates a 0.47% chance of exploitation in the next 30 days.

Description

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely. This attack is characterized by high complexity. The exploitation appears to be difficult. The exploit has been made public and could be used. The patch is identified as 773117aa5472af26fc9f80e608d3386504c3bdb7. It is best practice to apply a patch to resolve this issue.

Metrics

CVSS 3.1

3.7/10

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS 4.0

2.9/10

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.47%

37.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-665

Affected Software

Vendor	Product	Versions
Open5gs	Open5gs	<= 2.7.5

References

https://github.com/open5gs/open5gs/
https://github.com/open5gs/open5gs/commit/773117aa5472af26fc9f80e608d3386504c3bdb7Patch
https://github.com/open5gs/open5gs/issues/4182Exploit, Issue Tracking, Vendor Advisory
https://github.com/open5gs/open5gs/issues/4182#issue-3670797098Exploit, Issue Tracking, Vendor Advisory
https://github.com/open5gs/open5gs/issues/4182#issuecomment-3616081878Issue Tracking
https://vuldb.com/?ctiid.337591Permissions Required, VDB Entry
https://vuldb.com/?id.337591Third Party Advisory, VDB Entry
https://vuldb.com/?submit.716841Third Party Advisory, VDB Entry
https://github.com/open5gs/open5gs/issues/4182Exploit, Issue Tracking, Vendor Advisory
https://github.com/open5gs/open5gs/issues/4182#issue-3670797098Exploit, Issue Tracking, Vendor Advisory
https://github.com/open5gs/open5gs/issues/4182#issuecomment-3616081878Issue Tracking

Timeline

Published: Dec 19, 2025
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2025-14955?

How severe is CVE-2025-14955?

CVE-2025-14955 has a CVSS score of 2.9/10 (LOW severity). The EPSS model estimates a 0.47% probability of exploitation in the next 30 days.

How do I fix CVE-2025-14955?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-14955?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST