CVE-2025-69247 in Free5GCالمعلومات

الملخص

بحسب MITRE • 24/02/2026

free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially crafted PFCP Session Modification Request with an invalid SDF Filter length field. This causes a heap buffer overflow, resulting in complete service disruption for all connected UEs and potential cascading failures affecting the SMF. All deployments of free5GC using the UPF component may be affected. Version 1.2.8 of go-upf contains a fix.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

30/12/2025

إفشاء

24/02/2026

الاعتدال

تمت الموافقة

إدخال

VDB-347456

CPE

جاهز

CWE

CWE-122 (مؤكد)

CVSS

7.3 (VulDB)

EPSS

0.00246

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-69247
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-69247
CVE Details	https://www.cvedetails.com/cve/CVE-2025-69247/

التالي ▸نظرة عامة ◂ السابق

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!