CVE-2025-69252

Name of the Vulnerable Software and Affected Versions free5gc UDM versions up to and including 1.4.1

Description free5gc UDM provides Unified Data Management for free5GC, an open-source 5G mobile core network project. A NULL Pointer Dereference exists that allows remote, unauthenticated attackers to cause a Denial of Service by sending a crafted PUT request containing an unexpected ueId, leading to a service panic and crash. All deployments utilizing the UDM component may be affected. The issue can be triggered via a crafted request to the UDM service.

Recommendations free5gc UDM version 1.4.1 and earlier: Apply the patch available in free5gc/udm pull request 76.