PT-2025-17557 · Open5Gs · Open5Gs Upf
Zhenghaohello · Published 2025-04-22 · Updated 2025-04-24 · CVE-2025-29339
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Open5GS UPF versions up to v2.7.2
Description
The issue is an assertion failure in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type = 0, the UPF fails to handle the invalid value, triggering a fatal assertion check and causing a daemon crash.
Recommendations
For Open5GS UPF versions up to v2.7.2, update to a version later than v2.7.2 to resolve the issue. As a temporary workaround, consider restricting the PDN Type parameter in the PFCP Session Establishment Request to prevent the assertion failure.
Fix
Assertion Failure
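The validation the description says is missing, written as an added example (not Open5GS code): the PDN Type octet is checked against the values 3GPP TS 29.244 assigns, and an unassigned value such as 0 is rejected for that one session instead of being asserted on. The function names, result codes and counter struct are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* PDN Type values assigned for the PFCP PDN Type IE (3GPP TS 29.244). */
enum pdn_type {
    PDN_TYPE_IPV4 = 1, PDN_TYPE_IPV6 = 2, PDN_TYPE_IPV4V6 = 3,
    PDN_TYPE_NON_IP = 4, PDN_TYPE_ETHERNET = 5
};

/* Hypothetical result codes for this example (not PFCP cause values). */
enum check_result { CHECK_OK = 0, CHECK_BAD_LENGTH = -1, CHECK_BAD_VALUE = -2 };

/* Hypothetical counters so rejected requests are visible to monitoring. */
struct pfcp_stats { unsigned accepted; unsigned rejected; };

/*
 * Validate the value octet of a received PDN Type IE.
 * Peer-controlled input is never asserted on: a bad value returns an error
 * so the caller can refuse this session and keep the daemon running.
 */
int check_pdn_type(const uint8_t *value, size_t len, uint8_t *out)
{
    if (value == NULL || out == NULL || len < 1)
        return CHECK_BAD_LENGTH;

    uint8_t t = value[0] & 0x07;  /* low 3 bits carry the type, rest is spare */

    switch (t) {
    case PDN_TYPE_IPV4: case PDN_TYPE_IPV6: case PDN_TYPE_IPV4V6:
    case PDN_TYPE_NON_IP: case PDN_TYPE_ETHERNET:
        *out = t;
        return CHECK_OK;
    default:                      /* 0, 6 and 7 are unassigned */
        return CHECK_BAD_VALUE;
    }
}

/* Returns 1 if the session may be established, 0 if it must be rejected. */
int on_session_establishment(const uint8_t *ie, size_t len,
                             struct pfcp_stats *stats, uint8_t *pdn_type)
{
    if (check_pdn_type(ie, len, pdn_type) != CHECK_OK) {
        stats->rejected++;        /* count it; a spike here is worth an alert */
        return 0;
    }
    stats->accepted++;
    return 1;
}
```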
Weakness Enumeration
Related Identifiers
Affected Products
Open5Gs Upf