PT-2026-21580 · Free5Gc · Free5Gc Udm

Published: 2026-02-23 · Updated: 2026-02-25 · CVE-2025-69251

CVSS v4.0: 6.6 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Name of the Vulnerable Software and Affected Versions

free5gc UDM versions up to and including 1.4.1

Description

free5gc UDM provides Unified Data Management for free5GC, an open-source 5G mobile core network project. A flaw exists where attackers can inject control characters, such as %00, into the ueId parameter. This injection causes internal URL parsing errors (net/url: invalid control character), potentially revealing system implementation details and aiding in service fingerprinting. The Nudm UECM service within free5GC UDM is potentially affected in all deployments.

Recommendations

Apply the fix available in free5gc/udm pull request 76.
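
The failure mode in the description, shown beside a validated form, as an added Go example that is neither free5gc code nor the change in pull request 76. The backend address, the IMSI-only allow-list and all function names are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// internalBase is a constructed placeholder for an internal service address.
const internalBase = "http://backend.internal.example:8000/subscribers/"

// ueIDPattern is an assumed allow-list (IMSI-style identifiers only).
var ueIDPattern = regexp.MustCompile(`^imsi-[0-9]{5,15}$`)

// ErrInvalidUeID is the only error text a client should ever see.
var ErrInvalidUeID = errors.New("invalid ueId")

// UnsafeBuild concatenates the decoded ueId into a URL and returns the raw
// parse error. net/url's *url.Error text embeds the whole URL it rejected.
func UnsafeBuild(ueID string) (string, error) {
	u, err := url.Parse(internalBase + ueID)
	if err != nil {
		return "", err
	}
	return u.String(), nil
}

// SafeBuild validates before any URL handling, escapes the path segment,
// and maps every rejection to one fixed error.
func SafeBuild(ueID string) (string, error) {
	if !ueIDPattern.MatchString(ueID) {
		return "", ErrInvalidUeID
	}
	return internalBase + url.PathEscape(ueID), nil
}

func main() {
	// Constructed input: the ueId as seen after the server decodes %00.
	bad := "imsi-208930000000001\x00"
	_, err := UnsafeBuild(bad)
	fmt.Println("unsafe:", err)
	_, err = SafeBuild(bad)
	fmt.Println("safe:  ", err)
}
```

For detection, a spike in responses carrying `net/url:` strings, or in request paths containing percent-encoded bytes below `%20`, is a useful signal on unpatched instances.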

Related Identifiers

CVE-2025-69251
GHSA-PWXH-4QH4-HGPQ

Affected Products

Free5Gc Udm