PT-2026-4469

Name of the Vulnerable Software and Affected Versions Free5gc NRF version 1.4.0 Description An issue exists in the access-token generation logic of Free5gc. The AccessTokenScopeCheck function within the file internal/sbi/processor/access token.go bypasses scope validation when a crafted targetNF...

CVE-2025-66719

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck function in file internal/sbi/processor/accesstoken.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access...

CVE-2025-66719

An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck function in file internal/sbi/processor/accesstoken.go bypasses all scope validation when the attacker uses a crafted targetNF value. This allows attackers to obtain an access...

CVE-2025-66719

Summary: CVE-2025-66719 affects Free5GC NRF 1.4.0. The vulnerability lies in the AccessTokenScopeCheck() in internal/sbi/processor/access_token.go, where scope validation is bypassed when a crafted targetNF value is supplied, enabling an attacker to obtain an access token with arbitrary scopes. I...

CVE-2023-4882

DOS vulnerability that could allow an attacker to register a new VNF Virtual Network Function value. This action could trigger the argsassets function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash...

CVE-2023-4883

Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF Virtual Network Function, and triggering the ogssbimessagefree function, which could cause a...

OpenAirInterface CN5G AMF 安全漏洞

OpenAirInterface CN5G AMF is an OpenAirInterface open source application. A security vulnerability exists in OpenAirInterface CN5G AMF v2.1.9 and earlier versions, which stems from a buffer overflow when processing NAS messages, and could lead to a denial-of-service attack or execution of malicio...

PT-2025-52289

Name of the Vulnerable Software and Affected Versions omec-project UPF version 2.1.3-dev Description A denial-of-service issue exists in the omec-project UPF pfcpiface component. Specifically, when a PFCP Session Establishment Request is sent to the UPF’s N4/PFCP endpoint without the mandatory...

CVE-2025-63288

In Open5GS 2.7.6, AMF crashes when receiving an abnormal NGSetupRequest message, resulting in denial of service...

CVE-2025-41068

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the...

CVE-2025-41068

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the...

CVE-2025-41068

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the...

EUVD-2025-36179

Reachable Assertion vulnerability in Open5GS up to version 2.7.5 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the...

CVE-2025-41068

CVE-2025-41068 : Reachable Assertion in Open5GS NRF. Affected: Open5GS up to version 2.7.6 (and variants cited as up to 2.7.5 in some sources). Condition: attacker with network access to the NRF can trigger by sending an NF creation request with an invalid type via the SBI, then request its data....

CVE-2025-41068 Reachable Assertion vulnerability in Open5GS

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the...

CVE-2025-41068 Reachable Assertion vulnerability in Open5GS

Reachable Assertion vulnerability in Open5GS up to version 2.7.6 allows attackers with connectivity to the NRF to cause a denial of service. This is achieved by sending the creation of an NF with an invalid type via SBI and then requesting its data. The NRF executes a check that crashes the...

PT-2025-43949

Name of the Vulnerable Software and Affected Versions Open5GS versions up to 2.7.5 Description A reachable assertion issue in Open5GS up to version 2.7.5 can lead to a denial of service. An attacker with network access to the Network Repository Function NRF can exploit this by sending a Network...

CVE-2025-55670

On BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes systems, repeated undisclosed API calls can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-59781

When DNS cache is configured on a BIG-IP or BIG-IP Next CNF virtual server, undisclosed DNS queries can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2025-55670

The CVE-2025-55670 entry concerns BIG-IP Next CNF, BIG-IP Next SPK, and BIG-IP Next for Kubernetes. Repeated undisclosed API calls can cause the Traffic Management Microkernel (TMM) to terminate, resulting in DoS for affected systems. Public references (NVD/Red Hat EU V) corroborate the same desc...