PT-2026-21565 · Free5Gc · Free5Gc
Published: 2026-02-23 · Updated: 2026-02-28
CVE-2025-69248
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
free5GC versions up to and including 1.4.1
Description
free5GC is an open-source project for 5th generation (5G) mobile core networks. A buffer overflow exists in the AMF service, potentially leading to a denial of service. Remote, unauthenticated attackers can exploit this by sending a specially crafted NAS Registration Request containing a malformed 5GS Mobile Identity. This can cause the AMF service to crash, resulting in a complete denial of service for the 5G core network. All deployments of free5GC utilizing the AMF component may be affected. The vulnerability occurs due to improper handling of the 5GS Mobile Identity within the NAS Registration Request.
Recommendations
Apply the official patch available in pull request 43 of the free5gc/nas repository.
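An added example, not taken from free5GC or from the patch: a Go parser for the 5GS Mobile Identity element that checks every length before indexing and returns an error for a malformed identity. In Go an out-of-range index is a runtime panic that terminates the process unless recovered. The function and type names and the minimum lengths are assumptions; this page does not show the vulnerable code.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Identity type codes: low 3 bits of the first content octet.
const TypeSUCI, TypeGUTI, TypeSTMSI = 1, 2, 4

// Assumed minimum content lengths (3GPP TS 24.501 9.11.3.4; check against the
// release in use). Types not listed only need the type octet itself.
var minContentLen = map[byte]int{TypeSUCI: 8, TypeGUTI: 11, TypeSTMSI: 7}
var ErrMalformed = errors.New("malformed 5GS mobile identity")

type MobileIdentity struct {
	Type     byte
	Contents []byte
	TMSI     uint32 // set for 5G-GUTI and 5G-S-TMSI only
}

// ParseMobileIdentity takes the LV-E element (2-octet length + contents) and
// validates every length before any index expression touches the slice.
func ParseMobileIdentity(ie []byte) (MobileIdentity, error) {
	if len(ie) < 3 {
		return MobileIdentity{}, fmt.Errorf("%w: only %d octets", ErrMalformed, len(ie))
	}
	declared := int(binary.BigEndian.Uint16(ie[:2]))
	if declared < 1 || declared > len(ie)-2 {
		return MobileIdentity{}, fmt.Errorf("%w: declared %d, available %d", ErrMalformed, declared, len(ie)-2)
	}
	c := ie[2 : 2+declared]
	id := MobileIdentity{Type: c[0] & 0x07, Contents: c}
	if need := minContentLen[id.Type]; len(c) < need {
		return MobileIdentity{}, fmt.Errorf("%w: type %d needs %d octets, got %d", ErrMalformed, id.Type, need, len(c))
	}
	switch id.Type {
	case TypeGUTI:
		id.TMSI = binary.BigEndian.Uint32(c[7:11]) // safe: len(c) >= 11 checked above
	case TypeSTMSI:
		id.TMSI = binary.BigEndian.Uint32(c[3:7]) // safe: len(c) >= 7 checked above
	}
	return id, nil
}

func main() {
	_, err := ParseMobileIdentity([]byte{0x00, 0x0b, 0xf2, 0x02, 0xf8}) // constructed: claims 11 octets, carries 3
	fmt.Println(err)
}
```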
Exploit
Fix
DoS
Improper Validation of Array Index
Weakness Enumeration
Related Identifiers
Affected Products
Free5Gc