CVE-2025-70121

Name of the Vulnerable Software and Affected Versions free5GC version 4.0.1

Description A flaw exists in the AMF component of free5GC that could allow a remote attacker to disrupt service. This happens due to an array index out of bounds condition when processing a specially crafted 5GS Mobile Identity within a NAS Registration Request message. Specifically, the issue is located in the GetSUCI method (NAS MobileIdentity5GS.go) where an attempt is made to access index 5 of a 5-element array, resulting in a runtime panic and AMF crash.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting or filtering the format of 5GS Mobile Identity data received in NAS Registration Request messages.