CVE-2025-70122

Name of the Vulnerable Software and Affected Versions free5GC version 4.0.1

Description A heap buffer overflow exists in the UPF component of free5GC version 4.0.1. This flaw allows remote attackers to potentially cause a denial of service by sending a specially crafted PFCP Session Modification Request. The issue is located in the SDFFilterFields.UnmarshalBinary function (sdf-filter.go) and occurs when processing a declared length that exceeds the buffer's capacity, resulting in a runtime panic and UPF crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.