CVE-2025-65562

Name of the Vulnerable Software and Affected Versions free5GC UPF versions prior to 4.1.0

Description The free5GC UPF is susceptible to a denial of service due to insufficient bounds checking on the Session ID (SEID) when handling PFCP Session Deletion Requests. An unauthenticated remote attacker can exploit this by sending a request containing a large SEID value, such as 0xFFFFFFFFFFFFFFFF. This causes an integer conversion/underflow within the LocalNode.DeleteSess() and LocalNode.Sess() functions during the conversion of a uint64 SEID to an int, leading to a negative index when used in array access. This results in a Go runtime panic and a crash of the UPF component. The issue was reproduced on version 4.1.0, and other versions may also be affected. The vulnerable code is located in internal/pfcp/node.go.

Recommendations Update to a version of free5GC UPF later than 4.1.0.