CVE-2025-69232

free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote attackers can disrupt core network functionality by sending a malformed PFCP Association Setup Request. The UPF incorrectly accepts it, entering an inconsistent state that causes subsequent legitimate requests to trigger SMF reconnection loops and service degradation. All deployments of free5GC using the UPF and SMF components may be affected. As of time of publication, a fix is in development but not yet available. No direct workaround is available at the application level. Applying the official patch, once released, is recommended.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/free5gc/free5gc/issues/745	Exploit Issue Tracking Vendor Advisory
https://github.com/free5gc/free5gc/security/advisories/GHSA-8m42-qw58-8362	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:free5gc:go-upf::::::go::*
	cpe:2.3:a:free5gc:smf::::::go::*

History

No history.

Information

Published : 2026-02-23 22:16

Updated : 2026-02-25 16:20

NVD link : CVE-2025-69232

Mitre link : CVE-2025-69232

CVE.ORG link : CVE-2025-69232

JSON object : View

Products Affected

free5gc

smf
go-upf

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2025-69232", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-23T22:16:20.893", "references": [{"url": "https://github.com/free5gc/free5gc/issues/745", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-8m42-qw58-8362", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote attackers can disrupt core network functionality by sending a malformed PFCP Association Setup Request. The UPF incorrectly accepts it, entering an inconsistent state that causes subsequent legitimate requests to trigger SMF reconnection loops and service degradation. All deployments of free5GC using the UPF and SMF components may be affected. As of time of publication, a fix is in development but not yet available. No direct workaround is available at the application level. Applying the official patch, once released, is recommended."}, {"lang": "es", "value": "free5GC es un proyecto de c\u00f3digo abierto para redes m\u00f3viles de n\u00facleo de 5\u00aa generaci\u00f3n (5G). free5GC go-upf versiones hasta la 1.2.6 inclusive, correspondientes a free5gc smf hasta la 1.4.0 inclusive, tienen una vulnerabilidad de Validaci\u00f3n de Entrada Inadecuada y Cumplimiento de Protocolo que conlleva a una Denegaci\u00f3n de Servicio. Los atacantes remotos pueden interrumpir la funcionalidad de la red de n\u00facleo enviando una Solicitud de Configuraci\u00f3n de Asociaci\u00f3n PFCP malformada. El UPF la acepta incorrectamente, entrando en un estado inconsistente que causa que las solicitudes leg\u00edtimas subsiguientes activen bucles de reconexi\u00f3n del SMF y degradaci\u00f3n del servicio. Todas las implementaciones de free5GC que utilizan los componentes UPF y SMF pueden verse afectadas. En el momento de la publicaci\u00f3n, se est\u00e1 desarrollando una correcci\u00f3n pero a\u00fan no est\u00e1 disponible. No hay una soluci\u00f3n alternativa directa disponible a nivel de aplicaci\u00f3n. Se recomienda aplicar el parche oficial, una vez lanzado."}], "lastModified": "2026-02-25T16:20:24.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:free5gc:go-upf:*:*:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "57D72E31-350F-4DC7-B95E-900533B3BA53", "versionEndIncluding": "1.2.6"}, {"criteria": "cpe:2.3:a:free5gc:smf:*:*:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "9BF91964-A7DD-4951-953F-060BCF92D73F", "versionEndIncluding": "1.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}