
free5GC v4.0.1: Malformed Input Triggers Denial of Service

CVE-2025-70123
Summary

A security issue in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF accepts a malformed PFCP Association Setup Request instead of rejecting it, which leaves it in an inconsistent state; a subsequent valid PFCP Session Establishment Request then disrupts the SMF connection and degrades service. Update to a fixed version of free5GC once one is available, and consider implementing additional security measures in the meantime.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
free5gc | free5gc | 4.0.1 | –
Original title
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association S...
Original description
An improper input validation and protocol compliance vulnerability in free5GC v4.0.1 allows remote attackers to cause a denial of service. The UPF incorrectly accepts a malformed PFCP Association Setup Request, violating 3GPP TS 29.244. This places the UPF in an inconsistent state where a subsequent valid PFCP Session Establishment Request triggers a cascading failure, disrupting the SMF connection and causing service degradation.
NVD CVSS 3.1: 7.5
Vulnerability type
CWE-20 Improper Input Validation
Published: 13 Feb 2026 · Updated: 10 Mar 2026 · First seen: 6 Mar 2026
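The description above turns on the UPF accepting an Association Setup Request it should have rejected. The following Go sketch is an added example, not free5GC code: it shows the kind of strict ingress check a PFCP endpoint can apply before acting on such a message. The page does not say which field was malformed, so the checks are the general header and mandatory-IE rules of 3GPP TS 29.244; the function name is hypothetical, one message per datagram is assumed, and rejecting repeated IEs or spare Node ID types is a strictness choice of this example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const msgAssocSetupReq, ieNodeID, ieRecoveryTS = 5, 60, 96 // TS 29.244 message and IE type values

// ValidateAssocSetup (hypothetical name) returns nil only for a well-formed Association Setup Request.
func ValidateAssocSetup(b []byte) error {
	if len(b) < 8 || b[0]>>5 != 1 || b[0]&1 != 0 || b[1] != msgAssocSetupReq {
		return errors.New("bad header: need version 1, S flag clear, message type 5")
	}
	if int(binary.BigEndian.Uint16(b[2:4])) != len(b)-4 {
		return errors.New("length field does not match datagram")
	}
	seen := map[uint16]int{}
	for ies := b[8:]; len(ies) > 0; {
		if len(ies) < 4 || int(binary.BigEndian.Uint16(ies[2:])) > len(ies)-4 {
			return errors.New("IE header truncated or length overruns message")
		}
		t, l := binary.BigEndian.Uint16(ies), int(binary.BigEndian.Uint16(ies[2:]))
		v := ies[4 : 4+l]
		// Node ID: low nibble of the first octet is the type (0 IPv4, 1 IPv6, 2 FQDN).
		if t == ieNodeID && (l < 2 || v[0]&0x0f > 2 || (v[0]&0x0f == 0 && l != 5) || (v[0]&0x0f == 1 && l != 17)) {
			return errors.New("malformed Node ID")
		}
		if t == ieRecoveryTS && l != 4 {
			return errors.New("malformed Recovery Time Stamp")
		}
		seen[t]++
		ies = ies[4+l:]
	}
	if seen[ieNodeID] != 1 || seen[ieRecoveryTS] != 1 {
		return errors.New("mandatory IE missing or repeated")
	}
	return nil
}

func main() {
	// Constructed samples: 8-byte node header, then Node ID (IPv4 10.0.0.1) and Recovery Time Stamp IEs.
	ok := []byte{0x20, 5, 0, 21, 0, 0, 1, 0, 0, 60, 0, 5, 0, 10, 0, 0, 1, 0, 96, 0, 4, 0xe0, 0, 0, 0}
	bad := []byte{0x20, 5, 0, 13, 0, 0, 1, 0, 0, 60, 0, 5, 0, 10, 0, 0, 1} // Recovery Time Stamp absent
	fmt.Println(ValidateAssocSetup(ok), ValidateAssocSetup(bad))
}
```

A request that fails this check should be answered with a rejection cause and must not create association state, so that a later Session Establishment Request is never processed against a half-initialised peer.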