CNNVD-202512-3778 Information

CNNVD ID

CNNVD-202512-3778

Related CVE

CVE-2025-14953

• CNNVD Published: 2025-12-19

Description (Chinese)

Open5GS是Open5GS开源的一个 5G Core 和 Epc 的 C 语言开源实现，即 Lte/Nr 网络的核心网络。 Open5GS 2.7.5及之前版本存在代码问题漏洞，该漏洞源于FAR-ID Handler组件中函数ogs_pfcp_handle_create_pdr的错误操作，可能导致空指针取消引用。

Description (English)

Open5GS is a 5G Core and Epc open-language C open source of Open5GS, the core network of the Lte/Nr network. Open5GS 2.7.5 and previous versions have a code problem loophole, which stems from the error of the function ogs pfcp handle create pdr of the FAR-ID Handler component, which may lead to an empty pointer cancellation of the reference.

Hazard Level

Critical

Vulnerability Type

代码问题

Affected Vendor

Open5GS

Published

2025-12-19

Last Modified

2026-02-24

References

https://vuldb.com/?submit.716799 https://github.com/open5gs/open5gs/issues/4179#issue-3666399406 https://github.com/open5gs/open5gs/commit/93a9fd98a8baa94289be3b982028201de4534e32 https://vuldb.com/?ctiid.337589 https://github.com/open5gs/open5gs/issues/4179#issuecomment-3614868758 https://vuldb.com/?id.337589 https://access.redhat.com/security/cve/cve-2025-14953

Patch

https://open5gs.org/