CVE-2025-69252

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ueId, crashing the UDM service. All deployments of free5GC using the UDM component may be affected. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/free5gc/free5gc/issues/752	Exploit Issue Tracking Patch Vendor Advisory
https://github.com/free5gc/free5gc/security/advisories/GHSA-v8cv-qvf6-9rpm	Patch Vendor Advisory
https://github.com/free5gc/udm/commit/504b14458d156558b3c0ade7107b86b3d5e72998	Patch
https://github.com/free5gc/udm/pull/76	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:free5gc:udm:*:*:*:*:*:go:*:*

History

No history.

Information

Published : 2026-02-24 00:16

Updated : 2026-02-25 16:46

NVD link : CVE-2025-69252

Mitre link : CVE-2025-69252

CVE.ORG link : CVE-2025-69252

JSON object : View

Products Affected

free5gc

udm

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2025-69252", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-02-24T00:16:18.707", "references": [{"url": "https://github.com/free5gc/free5gc/issues/752", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/free5gc/free5gc/security/advisories/GHSA-v8cv-qvf6-9rpm", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/free5gc/udm/commit/504b14458d156558b3c0ade7107b86b3d5e72998", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/free5gc/udm/pull/76", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. Versions up to and including 1.4.1 have a NULL Pointer Dereference vulnerability. Remote unauthenticated attackers can trigger a service panic (Denial of Service) by sending a crafted PUT request with an unexpected ueId, crashing the UDM service. All deployments of free5GC using the UDM component may be affected. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended."}, {"lang": "es", "value": "free5gc UDM proporciona Gesti\u00f3n Unificada de Datos (UDM) para free5GC, un proyecto de c\u00f3digo abierto para redes centrales m\u00f3viles de 5\u00aa generaci\u00f3n (5G). Las versiones hasta la 1.4.1 inclusive tienen una vulnerabilidad de desreferencia de puntero NULL. Atacantes remotos no autenticados pueden desencadenar un p\u00e1nico del servicio (Denegaci\u00f3n de servicio) enviando una solicitud PUT manipulada con un ueId inesperado, lo que provoca la ca\u00edda del servicio UDM. Todas las implementaciones de free5GC que utilizan el componente UDM pueden verse afectadas. La solicitud de extracci\u00f3n 76 de free5gc/udm contiene una correcci\u00f3n para el problema. No hay una soluci\u00f3n alternativa directa disponible a nivel de aplicaci\u00f3n. Se recomienda aplicar el parche oficial."}], "lastModified": "2026-02-25T16:46:15.720", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:free5gc:udm:*:*:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "D54382D2-F895-4384-9D82-597709AAE7A7", "versionEndIncluding": "1.4.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}