CVE-2025-69250

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions free5gc UDM versions up to and including 1.4.1

Description The UDM component of free5gc, used for Unified Data Management in 5G mobile core networks, discloses detailed internal error messages to remote clients when processing invalid pduSessionId inputs. This exposure of implementation details can be used for service fingerprinting. All deployments utilizing the UDM Nudm UECM DELETE service may be affected.

Recommendations Apply the patch available in free5gc/udm pull request 76.

Exploit

Fix

Improper Check for Exceptional Conditions

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-754CWE-20

Related Identifiers

CVE-2025-69250

GHSA-6W77-5PQH-83RM

Affected Products

Free5Gc Udm

CVE-2025-69250

Weakness Enumeration

Related Identifiers

Affected Products

References · 14