PT-2025-26170 · Open5Gs · Open5Gs

Cmdcsop · Published 2025-06-18 · Updated 2026-01-09 · CVE-2025-44951

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Name of the Vulnerable Software and Affected Versions: open5gs versions 2.7.2 and earlier
Description: A missing length check in the ogs_pfcp_dev_add function from the PFCP library allows a local attacker to cause a buffer overflow by setting the session.dev field to a value longer than 32 characters. This issue affects both smf and upf in open5gs.
Recommendations: For open5gs versions 2.7.2 and earlier, as a temporary workaround, consider disabling the ogs_pfcp_dev_add function until a patch is available. Restrict access to the PFCP library to minimize the risk of exploitation. Avoid using the session.dev field with values longer than 32 characters in the affected API endpoints until the issue is resolved.
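
To act on the session.dev recommendation, the following added example (not Open5GS code and not part of the original advisory) scans a configuration file's text for session dev names over the 32-character limit stated above. The YAML layout it expects (top-level smf/upf blocks containing a session list with a dev key) and the sample values are assumptions constructed for illustration.

```python
import re

MAX_DEV_LEN = 32  # limit stated in the advisory
LONG_NAME = "tun" + "A" * 40  # constructed 43-character device name
# Constructed sample; the smf/upf -> session -> dev layout is an assumption.
SAMPLE_CONFIG = f"""\
upf:
  session:
    - subnet: 10.45.0.0/16
      dev: ogstun
    - subnet: 10.46.0.0/16
      dev: "{LONG_NAME}"
smf:
  session:
    - subnet: 10.45.0.0/16
      dev: ogstun  # default name
"""

KEY = re.compile(r"^(\s*)(-\s+)?([A-Za-z_][\w-]*):\s*(.*)$")

def _scalar(value):
    """Strip quotes or a trailing comment from a simple YAML scalar."""
    value = value.strip()
    if value[:1] in ('"', "'"):
        end = value.find(value[0], 1)
        return value[1:end] if end > 0 else value[1:]
    return re.split(r"(?:^|\s)#", value, maxsplit=1)[0].strip()

def find_long_dev_names(text, limit=MAX_DEV_LEN):
    """Return (line_no, section, name) for session dev names over the limit."""
    findings, section, session_indent = [], None, None
    for line_no, raw in enumerate(text.splitlines(), 1):
        m = KEY.match(raw)
        if not m:
            continue  # comments, blank lines, bare list items
        indent, dash, key, value = len(m[1]), m[2], m[3], m[4]
        if indent == 0 and not dash:
            section, session_indent = key, None  # new top-level block
        elif session_indent is not None and (
                indent < session_indent or (indent == session_indent and not dash)):
            session_indent = None  # left the session list
        if key == "session" and not dash and not _scalar(value):
            session_indent = indent
        elif key == "dev" and session_indent is not None:
            name = _scalar(value)
            if len(name.encode()) > limit:  # compare the byte length
                findings.append((line_no, section, name))
    return findings
```

Pass the contents of the smf and upf configuration files to find_long_dev_names and treat any finding as a reason to block the deployment or alert on the change.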

Exploit

Fix

LPE

Buffer Overflow

Related Identifiers: CVE-2025-44951

Affected Products: Open5Gs