PT-2025-52288 · Omec-Upf · Omec-Upf

Linziyuu · Published 2025-12-18 · Updated 2025-12-20 · CVE-2025-65564

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

omec-upf versions 2.1.3-dev

Description

A denial-of-service issue exists in omec-upf. When the UPF receives a PFCP Association Setup Request that lacks the mandatory Recovery Time Stamp Information Element, the association setup handler does not validate the message and instead dereferences a nil pointer via IE.RecoveryTimeStamp(). The process terminates, crashing the UPF. An attacker capable of sending PFCP Association Setup Request messages to the UPF's N4/PFCP endpoint can exploit this to crash the UPF repeatedly and disrupt user-plane services.

Vulnerable endpoint: N4/PFCP. Vulnerable function: IE.RecoveryTimeStamp().

Recommendations

Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider filtering or validating PFCP Association Setup Request messages to ensure the Recovery Time Stamp Information Element is present before processing them.
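
One way to implement the presence check described in the workaround, as an added example (not code from omec-upf or from this advisory): a standard-library Go function that walks the IEs of a PFCP datagram and rejects an Association Setup Request that has no Recovery Time Stamp IE. The function name, error value and sample datagrams are constructed for illustration; the message type (5) and IE type (96) come from 3GPP TS 29.244.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const msgAssociationSetupRequest = 5 // PFCP message type, 3GPP TS 29.244
const ieRecoveryTimeStamp = 96       // IE type; its value is 4 octets

var ErrMissingRecoveryTS = errors.New("association setup request lacks Recovery Time Stamp IE") // hypothetical name

// CheckAssociationSetup (hypothetical helper) returns nil for other message types
// and for setup requests that carry a 4-octet Recovery Time Stamp IE.
func CheckAssociationSetup(b []byte) error {
	if len(b) < 8 || b[0]>>5 != 1 {
		return errors.New("short or non-PFCPv1 datagram")
	}
	if b[1] != msgAssociationSetupRequest {
		return nil
	}
	end := 4 + int(binary.BigEndian.Uint16(b[2:4])) // length field excludes the first 4 octets
	if end > len(b) || b[0]&0x01 != 0 {             // node-level messages carry no SEID (S flag clear)
		return errors.New("bad length field or unexpected SEID flag")
	}
	off := 8 // 4-octet fixed header + 3-octet sequence number + spare
	for off+4 <= end { // walk type(2) | length(2) | value TLVs
		typ := binary.BigEndian.Uint16(b[off:])
		n := int(binary.BigEndian.Uint16(b[off+2:]))
		off += 4
		if off+n > end {
			return errors.New("truncated IE")
		}
		if typ == ieRecoveryTimeStamp && n == 4 {
			return nil
		}
		off += n
	}
	return ErrMissingRecoveryTS
}

// Constructed validator test inputs (not captured traffic): header + Node ID IE, without and with IE 96.
var nodeID = []byte{0x00, 0x3c, 0x00, 0x05, 0x00, 0x0a, 0x00, 0x00, 0x01}
var sampleBad = append([]byte{0x20, 0x05, 0x00, 0x0d, 0x00, 0x00, 0x01, 0x00}, nodeID...)
var sampleGood = append(append([]byte{0x20, 0x05, 0x00, 0x15, 0x00, 0x00, 0x01, 0x00}, nodeID...), 0x00, 0x60, 0x00, 0x04, 0xec, 0xd5, 0x9a, 0x00)

func main() {
	fmt.Println(CheckAssociationSetup(sampleGood), CheckAssociationSetup(sampleBad))
}
```

The same check belongs inside the handler itself: test that the Recovery Time Stamp IE was found before calling an accessor on it, and answer with a rejection cause instead of proceeding.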

Exploit · Fix · DoS · NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2025-65564

Affected Products

Omec-Upf