CVE-2025-29632

Name of the Vulnerable Software and Affected Versions Free5gc version 4.0.0

Description The issue allows a remote attacker to cause a denial of service. It involves components such as AMF, NGAP, security.go, handler generated.go, and specific functions like handleInitialUEMessageMain, DecodePlainNasNoIntegrityCheck, and GetSecurityHeaderType.

Recommendations For Free5gc version 4.0.0, consider disabling the handleInitialUEMessageMain function or restricting access to the NGAP and AMF components until a patch is available. Additionally, avoid using the DecodePlainNasNoIntegrityCheck and GetSecurityHeaderType functions in the affected components to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.