CVE-2025-65568

Name of the Vulnerable Software and Affected Versions omec-project UPF versions upf-epc-pfcpiface:2.1.3-dev

Description A denial-of-service issue exists in the omec-project UPF (pfcpiface component). Specifically, a PFCP Session Establishment Request containing a CreateFAR with an invalid IPv4 address field is not adequately validated. The parseFAR() function calls ip2int(), which can lead to an out-of-bounds read on the IPv4 address buffer, resulting in a panic. An attacker capable of sending PFCP Session Establishment Request messages to the UPF’s N4/PFCP endpoint can exploit this to crash the UPF and disrupt user-plane services. The vulnerable component is the PFCP interface. The affected API endpoint is the N4/PFCP endpoint. The vulnerable parameter is the IPv4 address field within the CreateFAR.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the N4/PFCP endpoint to authorized sources only.