CVE-2025-70123

Name of the Vulnerable Software and Affected Versions free5GC version 4.0.1

Description An improper input validation and protocol compliance issue exists in free5GC version 4.0.1. The UPF component incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This leads to an inconsistent state within the UPF, and a subsequent valid PFCP Session Establishment Request causes a cascading failure, disrupting the SMF connection and resulting in service degradation. The vulnerability allows remote attackers to cause a denial of service.

Recommendations Update to a newer version that contains a fix for this vulnerability.