CVE-2025-44952

Name of the Vulnerable Software and Affected Versions open5gs versions 2.7.2 and earlier

Description A missing length check in the ogs pfcp subnet add function from the PFCP library allows a local attacker to cause a Buffer Overflow by changing the session.dnn field with a value with length greater than 101.

Recommendations For open5gs versions 2.7.2 and earlier, as a temporary workaround, consider restricting access to the ogs pfcp subnet add function until a patch is available. Avoid using the session.dnn field with values longer than 101 characters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.