CVE-2026-25501

Name of the Vulnerable Software and Affected Versions free5GC SMF versions prior to 1.4.2

Description The free5GC Session Management Function (SMF), a component of the free5GC 5G mobile core network, is susceptible to a panic and process termination. This occurs due to a nil pointer dereference triggered by a malformed PFCP SessionReportRequest received on the SMF PFCP interface (UDP/8805). The issue affects versions up to and including 1.4.1.

Recommendations Apply access control lists (ACLs) or firewall rules to the PFCP interface to restrict access to trusted UPF IP addresses. Implement inspection or filtering of malformed PFCP SessionReportRequest messages at the network edge. Add recover() around PFCP handler dispatch to prevent complete process termination as a mitigation measure.