CVE-2025-44952
BaseFortify
Publication date: 2025-06-18
Last updated on: 2025-07-09
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| open5gs | open5gs | to 2.7.2 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-44952 is a buffer overflow vulnerability in the PFCP library used by the SMF and UPF components of open5gs version 2.7.2 and earlier. It occurs because the function `ogs_pfcp_subnet_add` copies the `session.dnn` field from configuration files without checking its length. If a local attacker modifies the configuration to provide a `session.dnn` string longer than 101 characters, it causes a buffer overflow, potentially overwriting adjacent memory and causing unexpected behavior or crashes. [1]
How can this vulnerability impact me? :
This vulnerability can allow a local attacker with access to modify configuration files to cause a buffer overflow in the affected open5gs components (SMF and UPF). This can lead to memory corruption, crashes, or potentially arbitrary code execution within these network functions, disrupting network services or compromising system stability. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking the length of the `session.dnn` field in the configuration files of the affected Open5GS components (smf and upf). Specifically, look for `dnn` strings longer than 101 characters, which can cause buffer overflow. Static code analysis tools like Flawfinder can be used to identify unsafe string copy functions such as `strcpy` in the source code. Additionally, reviewing configuration files for unusually long `dnn` values or monitoring for crashes or abnormal behavior in smf and upf components may help detect exploitation attempts. There are no specific commands provided, but inspecting configuration files and using static analysis tools are recommended approaches. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include ensuring that the `session.dnn` field values in configuration files do not exceed 101 characters to prevent buffer overflow. Updating the Open5GS software to a version where this vulnerability is fixed is recommended. The fix involves replacing unsafe string copy functions like `strcpy` with safer alternatives such as `snprintf`, `strcpy_s`, or `strlcpy` that enforce length checks. Restricting local access to configuration files to trusted users only can also reduce the risk of exploitation. [1, 2]