CVE-2025-69250

Exploit

EPSS 0.4%
Veröffentlicht 23.02.2026 23:45:02
Zuletzt bearbeitet 25.02.2026 16:45:38
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

free5GC has Improper Error Handling in UDM, Leading to Information Exposure

free5gc UDM provides Unified Data Management (UDM) for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, the service reliably leaks detailed internal error messages (e.g., strconv.ParseInt parsing errors) to remote clients when processing invalid pduSessionId inputs. This exposes implementation details and can be used for service fingerprinting. All deployments of free5GC using the UDM Nudm_UECM DELETE service may be vulnerable. free5gc/udm pull request 76 contains a fix for the issue. No direct workaround is available at the application level. Applying the official patch is recommended.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Free5gc ≫ Udm SwPlatformgo Version <= 1.4.1

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.4%	0.314

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
security-advisories@github.com	6.6	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://github.com/free5gc/free5gc/security/advisories/GHSA-6w77-5pqh-83rm

Patch

Vendor Advisory

https://github.com/free5gc/free5gc/issues/750

Vendor Advisory

Exploit

Issue Tracking

https://github.com/free5gc/udm/pull/76

Patch

Issue Tracking

https://github.com/free5gc/udm/commit/504b14458d156558b3c0ade7107b86b3d5e72998

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-69250

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-69250

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-69250

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-69250