PT-2025-52287 · Unknown+1 · Upf-Epc/Pfcpiface+2
Linziyuu
·
Published
2025-12-18
·
Updated
2025-12-20
·
CVE-2025-65563
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
omec-project UPF versions up to 2.1.3-dev
Description
A denial-of-service issue exists in the UPF (component upf-epc/pfcpiface). When the UPF receives a PFCP Association Setup Request lacking the mandatory NodeID Information Element, the association setup handler attempts to use a null pointer without validation, leading to a process termination. An attacker capable of sending PFCP Association Setup Request messages to the UPF’s N4/PFCP endpoint can repeatedly crash the UPF and disrupt user-plane services. The affected component is
upf-epc/pfcpiface.Recommendations
Versions prior to 2.1.3-dev should be updated.
Exploit
Fix
DoS
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Upf
Omec-Project Upf
Upf-Epc/Pfcpiface