Description

free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially crafted PFCP Session Modification Request with an invalid SDF Filter length field. This causes a heap buffer overflow, resulting in complete service disruption for all connected UEs and potential cascading failures affecting the SMF. All deployments of free5GC using the UPF component may be affected. Version 1.2.8 of go-upf contains a fix.

INFO

Published Date :

2026-02-23T21:38:15.526Z

Last Modified :

2026-02-25T15:30:30.289Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-69247 vulnerability.

Vendors Products
Free5gc
  • Go-upf
  • Upf
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-69247.

URL Resource
https://github.com/free5gc/free5gc/issues/746 cve-icon cve-icon
https://github.com/free5gc/free5gc/security/advisories/GHSA-gf69-93xr-p23g cve-icon cve-icon
https://github.com/free5gc/go-upf/commit/b798fe5ee6a984be492fa53958dd5f1305469f85 cve-icon cve-icon
https://github.com/free5gc/go-upf/pull/85 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact