CVE-2025-69232

Name of the Vulnerable Software and Affected Versions free5GC go-upf versions up to and including 1.2.6 free5gc smf versions up to and including 1.4.0

Description The software contains an Improper Input Validation and Protocol Compliance issue that can lead to Denial of Service. Remote attackers can disrupt core network functionality by sending a malformed PFCP Association Setup Request to the UPF. The UPF incorrectly accepts this request, entering an inconsistent state that causes legitimate requests to trigger SMF reconnection loops and service degradation. All deployments of free5GC using the UPF and SMF components may be affected. PFCP stands for Protocol for Control Plane Communication, a protocol used for communication between the SMF and UPF.

Recommendations Apply the official patch once it is released.