Expected Behavior Violation

Overview Affected versions of this package are vulnerable to Expected Behavior Violation via the PFCP Association Setup Request process. An attacker can cause service disruption and trigger reconnection loops by sending a malformed request that is incorrectly accepted, resulting in an inconsisten...

CVE-2025-69232 free5GC hasProtocol Compliance Violation in UPF Leading to SMF Service Disruption

free5GC is an open-source project for 5th generation 5G mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote...

CVE-2025-65563

CVE-2025-65563 affects omec-project UPF (upf-epc/pfcpiface). A NULL pointer dereference occurs in the association setup handler when a PFCP Association Setup Request omits the mandatory NodeID Information Element, causing a panic and UPF process termination. An attacker able to send PFCP Associat...

CVE-2025-65563

A denial-of-service vulnerability exists in the omec-project UPF component upf-epc/pfcpiface up to at least version upf-epc-pfcpiface:2.1.3-dev. When the UPF receives a PFCP Association Setup Request that is missing the mandatory NodeID Information Element, the association setup handler...