Description

free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote attackers can disrupt core network functionality by sending a malformed PFCP Association Setup Request. The UPF incorrectly accepts it, entering an inconsistent state that causes subsequent legitimate requests to trigger SMF reconnection loops and service degradation. All deployments of free5GC using the UPF and SMF components may be affected. As of time of publication, a fix is in development but not yet available. No direct workaround is available at the application level. Applying the official patch, once released, is recommended.

INFO

Published Date :

2026-02-23T21:27:51.587Z

Last Modified :

2026-02-25T15:26:32.065Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69232 vulnerability.

Vendors Products
Free5gc
  • Go-upf
  • Smf
  • Upf
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69232.

URL Resource
https://github.com/free5gc/free5gc/issues/745 cve-icon cve-icon
https://github.com/free5gc/free5gc/security/advisories/GHSA-8m42-qw58-8362 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact