CVE-2025-69247

Name of the Vulnerable Software and Affected Versions free5GC go-upf versions prior to 1.2.8

Description The go-upf component of free5GC, a User Plane Function (UPF) implementation for 5G networks, contains a Heap-based Buffer Overflow. A specially crafted PFCP Session Modification Request with an invalid SDF Filter length field can cause a heap buffer overflow, leading to a Denial of Service. This can crash the UPF network element, disrupting service for connected UEs and potentially causing cascading failures affecting the SMF. All deployments utilizing the free5GC UPF component may be affected.

Recommendations Update to version 1.2.8 or later.