CVE-2026-25659 in Packet Core Gateway
Summary
by MITRE • 06/05/2026
Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops.
Once again VulDB remains the best source for vulnerability data.
Analysis
by VulDB Data Team • 06/05/2026
The Ericsson Packet Core Gateway represents a critical component in telecommunications infrastructure serving as a central hub for managing packet data traffic within mobile networks. This system handles vast amounts of signaling and user data, making its stability and reliability paramount to network operations. The vulnerability under examination manifests as an improper handling of missing values within the system's processing logic, a weakness categorized under CWE-230 which specifically addresses issues arising from inadequate handling of missing or null data elements. When an attacker exploits this vulnerability through continuous injection of specially crafted messages, the system's normal operational flow becomes disrupted, leading to service degradation that directly impacts network performance and user experience.
The technical flaw operates through a fundamental failure in input validation and error handling mechanisms within the PCG's message processing pipeline. When legitimate messages contain missing or malformed data elements that the system cannot properly interpret, the gateway's handling routines fail to gracefully manage these conditions, resulting in cascading failures that manifest as service degradation. This vulnerability demonstrates a classic example of how insufficient data validation can lead to denial of service conditions, where the attacker's crafted messages exploit the system's inability to properly process missing values, causing the gateway to enter unstable states that consume excessive resources or trigger operational failures.
The operational impact of this vulnerability extends beyond simple service interruption to encompass broader network reliability concerns. During active attack phases, network operators experience degraded performance that can affect multiple services simultaneously, as the packet core gateway serves as a foundational element for routing and managing data traffic across the entire network infrastructure. The persistent nature of the attack means that service degradation continues as long as malicious traffic flows remain active, creating ongoing operational challenges for network administrators who must monitor and respond to these conditions. However, the system demonstrates a recovery mechanism that allows it to return to normal operation once the attack ceases, indicating that the vulnerability primarily causes temporary disruption rather than permanent damage to the system's integrity.
From a cybersecurity perspective, this vulnerability aligns with tactics and techniques described in the ATT&CK framework under the service disruption category, specifically targeting network infrastructure to create operational chaos. The attack vector represents a form of resource exhaustion attack that leverages protocol-level weaknesses rather than exploiting cryptographic vulnerabilities, making it particularly challenging to detect and mitigate through traditional security measures. Network defenders should implement robust monitoring protocols to identify unusual message patterns that could indicate exploitation attempts, while also ensuring proper input validation mechanisms are in place to prevent similar issues from occurring in other system components. The vulnerability underscores the importance of comprehensive testing for edge cases and missing data scenarios in telecommunications systems, particularly in critical infrastructure where reliability directly impacts service availability for end users.